Following a number of conversations with clients over the past few months and with plenty of references to the new General Data Protection Regulations in the marketing industry, we thought it was worth putting together a brief overview of forthcoming changes to those involved in the use of personal data for Business Marketing and to provide Oscar’s position and protocols around data collection, provision and use.
In May 2018, a new set of rules Governing the holding and use of personal data will come into force. Called the General Data Protection Regulations (GDPR), this EU wide legislation will have an impact on almost all UK businesses, but particularly those regularly processing or using data that contains details relating to people/personal data.
For those with masochistic tendencies, the full set of regulations can be read at – http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&qid=1490280010587&from=en
(those with eagle eyes may spot item (47) – “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” – not quite as straight-forward as all that, but nice for our industry to have been considered!
There is also another piece of legislation in the pipeline – the ePrivacy Directive – designed to supplement the GDPR in relation to digital interactions with individuals and the rights and rules associated. Likely to be in place 2018/2019.
A useful overview of the changes in relation to business marketing can be seen, courtesy of the Direct Marketing Association, at – https://dma.org.uk/article/b2b-marketing-and-the-gdpr
Direct Marketing and Research:
For us (and clients), the interest is in the application of these rules in relation to the data collected by Oscar and the use for business marketing, communication and research.
The headline points for those involved with direct marketing and research are as follows:
B2B Email Marketing to Public Bodies, Businesses and Corporate Subscriber email addresses within these organisations will remain on an OPT-OUT basis. There are rules governing the practices of direct marketing via email of course (covered in our terms of data usage), but broadly the GDPR changes don’t affect current practices. Watch words (sentences) here are “Relevant” “Not Excessive” “Target content and services to the Post not the Post Holder” “Offer clear Opt-outs and ensure they are honored”
Another entry for the DMA here; regarding the use of corporate emails for B2B marketing following the new legislation – https://dma.org.uk/article/worst-eprivacy-b2b-fears-averted
B2B Phoning and Postal Marketing – As above in terms of organisational scope and permissions remain (subject to Corporate Telephone Preference Screening of course!) OPT-OUT. Approaches need, of course, to be targeted, respectful and, as always, requests for no further correspondence or communication be honoured.
Ultimately, the new legislation introduces additional safeguards around personal, and more importantly, sensitive data. Larger organisations may require additional and/or training of staff to ensure compliance with their roles as data controllers, but ultimately (and sensibly) the changes still permit the use of professional related personal data (ie post holder names and their corporate email addresses) to be used for the purposes of targeted and well planned marketing of products, services, events and publications.
As a data compiler and provider of Public Sector organisational and post holder data there are two key elements for us.
Fundamentally making sure the data we hold is correct and fit for purpose is paramount. We spend over £250,000 annually and employ 15 people to achieve a 6 month rolling research cycle though our database. Details of which can be seen at – http://www.oscar-research.co.uk/databases/accurate
Effectively split into two parts – collection and use.
Data collection, validation and retention – Our Database Transparency and Information Notice can be seen at – http://www.oscar-research.co.uk/info/datatransparency.php – following extensive review by our legal team in 2016, this is the best reference point for details of our disclosure of data usage purpose, permissions and management protocols for data compliance and has been in force since January 2017. In brief, all Oscar data is sourced either from within the Public Domain or is provided to us by the post holders or their employing Public Service organisations. We make all the data we hold freely available to the subject organisations and employees across Government and Public Services and in all instances of data request/provision, provide an obvious reference to, or copy of, the information notice linked to above.
Data Use by Clients – We never sell data, we provide specific time and use restricted licenses to clients for its use which is governed by our Terms of Usage – http://www.oscar-research.co.uk/info/terms . These ensure compliance for both us and the data user and are strictly enforced. The terms of usage are also referenced in our Data Transparency and Information Notice.
We hope this provides a bit of enlightenment (and indeed re-assurance) on our approach to the new legislations and the use of our data moving forward. We appreciate we’ve just covered a specific and narrow element of the overall implications of GDPR and the broader legalities relating to holding of, access to, use and rights relating to all dimensions of personal data. That said, on all other associated matters; employees dates of births, birthday cards with someones picture on it, or most importantly, can you add the name of your clients cat to your CRM…. we’re afraid you’re on your own. Either that, or you could try the DMA, the ICO, Trading Standards, CAB, Amnesty International or perhaps your local friendly solicitor.
James and the Team at Oscar