How will GDPR and ePrivacy Affect Your Business?

How will GDPR and ePrivacy Affect Your Business?

Share this post

The new GDPR laws are due to come into force on 28th May 2018 and ePrivacy laws should be about the same time although there is no date set.

Key Points

  • The impending GDPR and ePrivacy laws will work hand in hand.
  • GDPR has 4 governing factors regarding personal data (from your database or purchased from a list broker) and your marketing communications (direct mail, email, SMS, content marketing, even the Internet of Things (IoT) has to meet each of the four requirements:
    1 – Have a specific purpose 2 – Be Lawful 3 – Be Fair 4 – Be TransparentTo be lawful means passing one of six tests.
  • To qualify across all four governing factors, we need to introduce the ePrivacy laws which are intrinsically linked to GDPR.
  • The ePrivacy laws are all about CONSENT
  • B2C remains opt in (i.e. the owner of a personal email address has given evidential consent to receive marketing communications from you). HOWEVER the devil is in the detail – STRICTER CONSENT requirements have been imported from GDPR.
  • B2B remains opt out (i.e. the corporate email address owner must be able to very easily opt out if they wish, from marketing communications). Again, the devil is in the detail – B2B faces a ‘legitimate interest’ challenge, whereby seeking opt in (like B2C) could prove the wisest move.
  • Existing databases will need to gain new consent and the request has to be phased in terms of checking the accuracy of data on file. FlyBe and Honda have recently been fined for ‘asking’ customers if they want to remain as either opt in or opt out.
    It’s not all about consent – there will be new profiling rules in respect of asking for consent to track users on a website. This is still in draft form but the new laws are exploring those previously hard to reach avenues. A lot of this depends upon how sophisticated the profiling is.
  • Action should be taken now to explore how much it will affect you.

Action Points

  • Map inflows and outflows of data for your company, identifying where all the personal information comes into an organisation and where it flows out.
  • Visualising the flows in such a manner will mean that the process of becoming compliant is thorough.
  • Focus on the source of data, whether from a new source or an existing database

More detail can be found on the OCI website

Tags: