Your SlideShare is downloading. ×
Data protection   janine paterson - direct marketing association
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Data protection janine paterson - direct marketing association


Published on

Published in: Business

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Institute of Fundraising Supporter Care & Stewardship Friday 21st September 2012 Data Protection Janine Paterson DMA Solicitor
  • 2. Overview• Data Protection Act• Marketing• Potential changes in the future
  • 3. Data Protection Act 1998• Privacy - a topic in the UK and Europe for over 60 years• Data Protection Act 1984 – minimum implementation in the UK• 1995 Data Protection Directive – became DPA 1998• Privacy and Electronic Communications Regulations 2003 and 2011
  • 4. 8 PrinciplesPersonal data are:• Processed fairly and lawfully• Processed only for specified and lawful purpose(s)• Adequate, relevant and not excessive• Accurate and up to date• Not kept longer than necessary• Subject to rights of data subjects• Technical/organisational means to prevent unlawful or unauthorised processing• Transferred outside EEA only if adequate security• All relevant to marketing but 1 is foundation
  • 5. Principle 1Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless-(a) At least one of the conditions in Schedule 2 is met, and(b) In the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met
  • 6. Collecting and using data formarketing• Processing – doing anything with data• Collecting and using data for marketing is processing• Need grounds to process• Marketing – consent• Problem with consent – it can be withdrawn• If withdrawn then you can not process the data for marketing
  • 7. Marketing dataMany ways to acquire personal data for marketing purposes – Direct from consumer – Bought in/rented lists – Survey sponsorship
  • 8. Marketing rulesGeneral rules – B2C• Direct Mail – opt-out• Telephone – opt-out• Email – opt-in• SMS – opt-in• Fax – opt-in
  • 9. Email/SMS marketingSoft opt-in/existing customer exemption• Exemption applies if all the conditions apply• 1) Email or mobile number was acquired in the course of a sale or negotiations for goods or services• 2) Unsubscribe from marketing offered at time of collecting data and on all subsequent messages• 3) Marketing must be only about similar goods and services• 4) Identity of sender is not disguised
  • 10. Charitable donations• Do not come within the definition of the exemption so opt-in for email and SMS• ICO confirms view in guidance:We are a charity, political party, or not-for profit organisation; can we take advantage of ‘soft opt-in‘?Only if you are promoting commercial goods and services, for example, those offered by your trading arm.ICO guidance on electronic marketing
  • 11. So what to do?• ICO recognise the difficulty this causes.• Argue that organisations should seek “solicited” communications, ie get people to actively agree to being contacted – permission based marketing• Send messages to people who actually want to hear from you
  • 12. Permission based marketing• Don’t see it as the enemy – Comply with legal requirements – Good data management – Increase customer confidence and therefore the bottom line
  • 13. Legal requirements• Data Protection Act - 8 principles• Marketing opt-ins/outs
  • 14. Good data management• Makes good business sense – data is an asset and can give a competitive edge• Data quality is vital to the success of any business• Affects reputation and brand
  • 15. Consumer confidence• Consumers - more aware value of data• Will affect whom consumers do business with
  • 16. How can we achieve this?• New customers – easiest as can show benefits – over telephone or on a website sell the benefits of agreeing to be contacted – Privacy policy
  • 17. How can we achieve this?• Existing customers – more difficult – should have got opt-in when first joined – Database update – service message • Duty to keep information held accurate and up to date • Confirm marketing preferences • Incentive - prize draw – Instil confidence in your customers that you respect their data and protect it
  • 18. Telemarketing• Legal requirements for B2C• In-house suppression file• TPS screening for all new numbers acquired if applicable• TPS screening if buy in/rent third party opt-ins where organisation was not a named third party
  • 19. The future1995 European Directive ( implemented into UK by 1998 Data Protection Act ) showing its age due to:1) Law doesn’t take account of new technologies – and more complex information networks2) Lack of common European law and differences in national implementation impedes marketing3) Consumer concern over privacy – high profile data security breaches, etc. leading to reducing permission to market
  • 20. Data Protection Regulation - Keyissues• Opt-in and opt–out - obtaining consent• General rule for direct marketing – “explicit consent by clear statement or affirmative action”• Legacy databases – what about data collected under current law?• At odds with existing rules on voice calls, email and SMS marketing
  • 21. Data Protection Regulation - Keyissues• IP addresses and cookies – Definition of personal data extended so could cover some IP addresses and cookies – But IP addresses identify a device not an individual + some IPs are general• Right to be forgotten – Right for individuals to request organisations to delete any information held on them – Drafted with social media in mind – but goes beyond this
  • 22. Data Protection Regulation - Keyissues• Data breach notification – Every organisation that suffers a data security breach would have to notify Information Commissioner’s Office and the individuals concerned within 24 hours – Increase in fines/sanctions – in stages, of up to 2% of global turnover or 1 million euros• Marketing to children – General rule – parental consent required for under 18’s – Exception for online marketing to children above age of 13
  • 23. What the DMA are doing• Federation of European Direct and Interactive Marketing Associations (FEDMA) in Brussels leading collective EU dm effort – UK DMA chairs Legal Affairs Committee• Lobbied Commission intensively after unofficial draft leaked in Dec 2011 – with some success• Responded to Ministry of Justice’s Calls For Evidence in 2010 and 2012, with input from DMA members.• Responded to Commons Justice Select Committee inquiry – Select Committee now holding hearings
  • 24. What the DMA are doing• Now lobbying UK Government and European institutions as the proposal goes through the European legislative process• Leading UK Data Industry Group response to the proposed legislation & participating in CBI Group on Data• Key research on consumer attitudes to privacy, Data Privacy: What the Consumer Really Thinks and on the economic value of the dm industry, Putting a Price on Direct Marketing
  • 25. Summary• Data protection rules not there to hinder you or stop you running your business• Use them to build confidence in your organisation• Start the dialogue with those who want to hear• Involves everyone in the organisation• Join the DMA and help shape the future
  • 26. Thank you for listening Janine Paterson DMA SolicitorE: T: 020 7291 3356