Telling the truth about SME life today

What effect could data protection law changes have on your business

Designed to better protect individuals in light of advances in marketing techniques and technologies, these changes will form a Europe-wide regulation that must be implemented by all member states.

The new law should provide greater clarity for marketers and ensure more accountability for businesses who store and process personal data for marketing purposes. Perhaps most importantly, the new regulation will also apply to non-EU organisations operating within the European marketplace.

Obviously this will have wide-ranging implications for marketers operating out of any EU country. Marketers should probably consider external data protection services to ensure that they can implement the following proposed changes:

What will the new regulation look like

Among the proposed changes are:

Opt-in marketing messaging

In the past, marketers have been able to use ‘opt out’ checkboxes when collecting customer data. The new regulation proposes that all forms of marketing, telemarketing and direct mail included, will require explicit opt-in permissions from customers.
Whats the problem

Current techniques that encourage customers to opt in will be illegal. Many marketers expect their mailing lists to be severely affected as a direct result. It will also become much harder to benefit from data lists and data protection services that do not breach these rules.

Businesses that plan to collect information that will require explicit consent must ensure that, in all their processes, it is very clear what data is being collected and for what purpose”, explains David Smith, deputy commissioner at the Information Commissioners Office. “It is important that the consent to collect data and use it for a specific purpose is prominent and not tucked away somewhere in a user agreement.

Profiling permissions

Marketers will need to seek additional permission from customers before being allowed to profile the personal data they hold.

Whats the problem  Customer profiling has always had a creepy reputation, so securing explicit permission will be difficult. Records held by marketers prior to the regulation go-live will need to secure new permissions or be deleted.

Only 34 per cent of people think that it’s OK for business to keep detailed records of their purchases. – Customer Profiling & What You Probably Didnt Know

Access to data fees

Currently marketers can charge an admin fee for providing customers with access to their own records. The new regulation will force businesses to provide access to such data completely free of charge.

Whats the problem  The current fee charging structure allows marketers to recoup some of their admin costs incurred when handling data access requests. There are also some concerns that data list broking will no longer be possible because of these changes.

Verified data deletion

When a customer opts out of communications, marketers can retain their data and mark it as do not contact . The new legislation will force marketers to delete records if requested by customers.

Whats the problem  Disparate data sets means that customer information may reside in other applications throughout the business. This raises the prospect of customers being contacted even after their marketing records have been deleted attracting fines and censure as a result. EU data protection rules state that ?0.5 per cent of a company’s global turnover for charging a user for a data request, one per cent if a firm refused to hand over data or failed to correct bad information and two per cent for more serious violations.  

To help navigate these potentially costly changes, marketers need to re-engineer their data collection processes and the tools used to store information. EU marketers already fear that the proposals will leave their businesses at a disadvantage to competitors based in countries outside the Union.

Preparing for the changes

To stay ahead of the game, marketers will need to become more creative in the way that they secure customer opt-in and use data protection services more intelligently to ensure they stay on the right side of the law. This means:

  • Re-working current data collection methods to ensure opt-in permission is sought from customers. Also ensuring any purchased contact lists are fully compliant with the new regulations;
  • Seeking additional permissions for customer profiling;
  • Ease data access routines to create new efficiencies that reduce the cost of customer data access requests; and
  • Implement company-wide record deletion routines that extend beyond the marketing contact database.

Get your house in order now under the current law, to ensure you are ready for the coming changes, because the principles are not very different,” Smith adds.

Julie Knight is founder and MD of Marketscan.


Related Stories


If you enjoyed this article,
why not join our newsletter?

We promise only quality content, tailored to suit what our readers like to see!