Jan 5, 2018Industry insights,
How will the GDPR impact on marketing and advertising professionals?
From 25th May 2018 the current Data Protection Directive will be replaced with the General Data Protection Regulation (GDPR), which doesn’t leave long for businesses to act and become GDPR compliant. After this point, any business that fails to comply with these regulations will risk a hefty fine.
As the GDPR specifically relates to personal data it will affect each business in a different way. For some businesses it will affect little more than the records they hold within recruitment departments, but for others it will have a significant impact.
The nature of the data processing tasks that are conducted by marketing and advertising professionals will mean it’s likely that these departments will see the biggest impact and most noticeable changes.
The GDPR will apply to anything that is considered personal information, which includes names, photos, social posts or even their IP address.
One of the main considerations will be the new requirement to obtain opted-in marketing contacts. Opted-in will mean exactly that, and a pre-ticked box or an opt-in by default will no longer be sufficient. Brands will need to be very clear on how they intend to use data and a consumer has complete right to withhold consent for their data to be processed. The giving of consent will need to be retained and accessed if needed, and for any business that processes a significant amount of data, their Data Protection Policy should be reviewed to reflect the importance of how these records should be stored and how they are able to be retrieved.
There’s little doubt that the GDPR is going to reform the digital marketing landscape. It will be vital for any business that relies on data, for marketing purposes, to adapt to the new GDPR legislations and implement the changes required to comply with the new legislation.
These are some things you can take a look at now to help determine how you might be affected.
Review – the type of data you currently process and the personal information you hold
Consent – you will need to review how you currently request, record and manage consent for opted-in contacts. Opted-in consent needs to be explicit, therefore you will need to be transparent on how you intend to use the data.
Data storage – Privacy and safety are paramount, you will need to ensure you have appropriate measures in place to detect and report data breaches. In addition, you will need to ensure records are retrievable and able to be permanently deleted if requested. Appropriate measures should also be in place to ensure access to the data is restricted to only those who require it for the purpose it has been collected.
The most important thing to keep in mind is that the GDPR is being considered as a ‘step-change’ to the existing Data Protection Act. So if you are already a business that complies with this legislation, you will find updating your current practices to bring them in-line with the GDPR much easier.
More information on the GDPR can be found on the ICO website.