LEGAL DISCLAIMER – It goes without saying, that we are not lawyers, and none of this should be taken as legal advice. We are simply industry professionals going through the same process as most – trying to make the best sense we can out of these new regulations and following their guidance – while hopefully sharing some useful thoughts and resources along the way.
Since the GDPR was first adopted (can you believe it’s been more than 2 years now? This year was just the start of enforcement!) mainstream coverage has been, shall we say, varied in its accuracy; leading to all sorts of misunderstanding for both marketers and consumers alike.
For some in marketing this has meant wasted time and effort and in the extreme, has led to some panicked opt-in attempts that may in themselves have been non-compliant. Others yet have fallen back on inaction as the safest option. Even consumers, whom this legislation is supposed to protect, have had a devil of a time understanding their rights – as some industry experts have suggested – “…I believe explaining to (possibly aggrieved) consumers that consent is not necessarily required will be a bigger problem for many organisations...” Philippa Donn, Data Protection Network
The big takeaway for us is that this is just the beginning of the road to mutual understanding of the GDPR; but the way forward is definitely going to involve getting closer to your customers and having real, honest conversations.
Know the Core Principals
Before we waded into the intricacies and advanced concepts of the GDPR in order to shape our products and practices, we really needed to give ourselves an understanding of the basics and how they applied to our business. There was no better place to start than with the core principles –
- Lawfulness, fairness and transparency
- So… treat people’s data with honesty and be clear about it
- Purpose limitation
- And only contact them when we should, if we should
- Data minimisation
- Only storing data that is necessary to do so
- Making sure it’s correct, up to date
- Storage limitation
- And only kept for as long as is needed, or requested
- Integrity and confidentiality (security)
- Assure that data is safe and secure
- While being transparent about everything we do
Already it is clearer what this regulation is trying to achieve and, for us, how it actually aligns closely with what we see as best practice marketing – “Marketing is often seen as a one way shout for attention – much better to have a thoughtful, honest and friendly conversation” Paula Hanley, Talk Intelligence For further reading and understanding of the core principles, we suggest taking it to the source, and seeing how you can apply the principles to your business.
Once the purpose of the legislation was clear, understanding the main players and concepts was next for us. Here are the ones that featured most prominently in our journey –
The crux of all of this, and it’s a broad definition – any information that can be used to directly or indirectly identify a person. From email addresses to biometrics, social media content to IP addresses.
When personal data refers to somebody, they are referred to as a data subject.
Any action, manual or automatic, performed on personal data. So from analysis, to transmittal, a telephone call and beyond – if a business activity uses personal data, It’s processing.
Most likely, you. This refers to whomever decides how, when, why and where personal data is collected and used.
Consent must be freely given, specific in what it concerns and signified by a positive, clear and unbundled action. This is just one lawful basis to process personal data – there are 5 others.
Privacy by Design
Privacy should no longer be a separate process in systems or projects, it should be embedded into all activities that involve personal data.
Right to Access & Right to be Forgotten
Two key entitlements given to any data subject, that they have the right to access any data stored about them, and for that data to be deleted on request.
Whilst there are lots of terms to familiarise yourself with, being able to talk the talk and understand the new terminology frequently used in relation to the GDPR is critical to forming a positive relationship with it – as ever, there is no better way than getting to the source of it, in the FULL TEXT of the GDPR or with the ICOs PDF guide here – fair warning, both are lengthy documents full of lawyer-speak. If you want a recommendation for where to start, we recommend this handy key issues section.
Arming yourself with a better understanding of the world of the regulation. Its aims and principles, is the only true way to understand the rules it will enforce, the boundaries it lays out and your place within it. Above all, don’t panic and make the GDPR into the enemy, or worry about those crazy fines the media has highlighted if you are following through proactively and honestly – “…this law is not about fines. It’s about putting the consumer and citizen first.” Elizabeth Denham, ICO
Sounds good, right?
That’s because it is – we’ve come to see that the GDPR is a provider of opportunity and benefit to a compliant marketer. Transparency and dialogue are valued at the core of any approach. Which is why we believe the telephone is the best way to reengage with your current and future customers. An accountable marketer doing the right thing by the consumers they talk to can build trust at a deeper level than ever before.
In the next part of this series, we’ll attempt to put forward some key focus areas, and some real world actions we should all take in order to realise some of these opportunities in life after the GDPR.