The General Data Protection Regulation (GDPR) is the most significant change to data protection law since the introduction of the Data Protection Act in 1998. It will become enforceable from 25 May 2018.
For a summary of the changes, read our earlier blog post.
How does GDPR impact marketing?
As marketing is heavily dependent on personal data, the new legislation will have an impact on marketing practice. There are three key areas that marketers need to be concerned with:
- Data consent
- Data access
- Data legitimacy
From May 2018, the individual (data subject) must explicitly opt-in to allow personal data to be processed and used for marketing purposes.
Pre-ticked boxes that require individuals to untick the box to opt out, or assuming that consent is given by default, will not be sufficient. Consent requests must be separate from other terms and conditions and consent should not be a precondition of signing up to a service unless it is necessary for its delivery.
Marketers will need to make sure they’ve actively sought permission and have evidence of the opt-in. The easiest way to do this is through an opt-in tick box.
The GDPR is designed to give individuals more control over how their data is collected and used. Individuals must be given access to their data if they request it and remove consent for its use if they so choose. Individuals will have a ‘right to be forgotten’ so can ask you to delete their information from your records.
When sending marketing emails make sure there is a clear unsubscribe link within the email.
From May 2018, data can only be collected for ‘specified, explicit and legitimate purposes’. This change means that you must not ask individuals for more information than is necessary and marketers must apply better housekeeping rules. Marketers must delete data for which they don’t have a legitimate use.
When gathering details for marketing purposes, avoid collecting any unnecessary data and stick with the necessary information.
The Information Commissioner’s Office (ICO) has recently announced that a GDPR helpline will be available from 1 November 2017 to help small businesses. For assistance on any aspect of GDPR call the helpline number which is 0303 123 1113.