So first of all, a very hearty well done to all of those who've made it to Friday 25th May 2018! The European Union's General Data Protection Regulations come into enforceable law from today. In a nutshell, despite all of the press releases that contradict each other, this will not lead to wholesale changes in the way marketing is conducted - however it will mean larger fines for those who flaunt the rules, better protection and access to their data for subjects (you and I, the joe public) and, I believe, a transformation to better planned, more targeted and ultimately more successful direct marketing.
A few words of advice firstly pause all marketing until your plan is in place, whether that's to your internal CRM or purchased data lists. With regards to purchased data lists, be sure to check the data provider has taken compliance steps for GDPR and be sure to check you have a current license for that data. With GDPR having a greater focus on compliance, data companies have no option but to be rigid and firm when it comes to misuse of any databases.
The impact of GDPR is real and the potential to be fined is very tangible, primarily for those who make no attempt to conform. Don't forget, Elizabeth Denham, Head of the ICO has already explained:
“The ICO are not aiming to hand out unfair & disproportionate fines, they're hoping to see companies going to best endeavours to comply and are there to help companies with the new regulations.”
I'm no legal expert, I'm not charged out at £1000's per day and I'm certainly not offering GDPR advice specific to your company, but below is a list of things I'd consider from a marketing and CRM standpoint.
1. Which legal bases will you use to process information?
2. Will you use legitimate interest, and have you completed a legitimate interest assessment?
3. Is your privacy statement up to date?
4. Do you need to be registered with the ICO?
But fortunately, the vast majority of companies reading this are fully prepped and ready for GDPR. I can only imagine the amount of time dedicated to new policies in the past month, trust me we've been planning at Databroker for at least 2 years, if not slightly longer.
In the data industry, some weaker list suppliers have actually chosen not to supply beyond GDPR, but this is a good thing as broker's like us only want to see high quality, fully compliant data options being offered.
Each list provided through Databroker is undergoing a GDPR process and we remain committed to doing our due diligence on both list owners and our clients. We continue to refuse business if compliance cannot be demonstrated, both when researching new list options for our library and when transacting with our end clients.