SlideShare a Scribd company logo

Data Protection for Marketing Professionals

Download as PPTX, PDF
J
James Boyle

An introduction to the GDPR for Marketing Professionals, covering business and consumer marketing rules, as well as Email, SMS, phone and post.

Law
1 of 28
GDPR 101 for Marketers: Your Questions Answered! 9 March 2018 James Boyle – Associate Solicitor T: 01223 225028 E: james.boyle@taylorvinters.com
The GDPR • It’s a monster – regulates all personal data. • Covers how we collect, use, store, share and delete personal data. • Applies irrespective of whether: – We are dealing with consumers or businesses. – We are using the data for marketing purposes or other reasons.
The Privacy & Electronic Communications Regulations • Sets out when we can send marketing emails and text messages to consumers, sole traders and some partnerships (“B2C”). • Most marketing fines we see are actually for breaches of the PECRs rather than the Data Protection Act/GDPR.
What is a marketing email? [specific examples discussed on 9 March 2017]
What is not a marketing email? [specific examples discussed on 9 March 2017]
Fundamentals
The Data Processing Conditions • Before we can use anyone’s data, we need to satisfy a processing condition. There are six: – Consent – Because there’s a contract in place – Because it’s in our legitimate interests – Because it’s to comply with a legal obligation – To protect the vital interests of the data subject (think paramedics at the scene of an emergency) – To perform a task in the public interest
Which processing condition? • All 6 processing conditions are theoretically available to us for marketing purposes under the GDPR. • The PECRs restrict which processing conditions we can use for electronic marketing to consumers. • Practical reality means only a few processing conditions are relevant for marketers.
Which processing condition for marketing? GDPR PECRs Consent Any channel Contract Legitimate Interests Any channel Legal Obligation Vital Interests Public Interest B2C Email and SMS must have consent, unless the soft opt-in applies Relevance? Likely to be consent anyway due to clarity requirements B2C Email and SMS ok if you establish a soft opt-in Relevance? Likely to be consent anyway due to clarity requirements Relevance? Likely to be consent anyway due to clarity requirements Relevance? Likely to be consent anyway due to clarity requirements
The soft opt-in • For existing customers or someone who has shown an interest in the business, you can send them marketing texts or emails if: - you obtained their details during a sale or negotiations for a sale to them - you are only marketing your own similar products or services (not those of a third party or group company) - you gave the person a simple opportunity to refuse or opt out of marketing at the time you collected their information - Be careful using the soft opt-in, there is a new piece of legislation coming in (the e-Privacy Regulation) which may change when we can use it.
Which processing condition am I using? Consent Legitimate Interests Post If you collected an opt- in, whether B2B or B2C. If you offered an opt-out or nothing at all, for B2B or B2C. Always screen against the MPS! Email & SMS If you complied with the soft opt-in - PECRs apply to these channels for B2C. If you didn’t get an opt-in from your B2B contacts. Telephone If you offered an opt-out or nothing at all. Always screen against the TPS!
Consent
I’m using consent, now what? • PECRs say you need consent, but the GDPR sets the requirements for that consent. Do you meet it? – Freely given? not forced to give it – Specific? identifies relevant channels – Informed? identifies what will be sent – Not bundled or hidden? separate opt-in mechanism – Positive action? silence does not = consent • Consent doesn’t last forever – is your opt-in fewer than 2 – 3 years old?
I’m using consent, now what? • Met all of those requirements? Great! Sit back and chill out, until the 2 – 3 year time period impacts you… • If no, consider refreshing that consent via a re- permissioning campaign, upgrading the consent to the GDPR standard and “resetting” the opt-in time.
How are others handling consent • For legacy, but GDPR standard consent, there are no recorded fines for failing to “re-permission” – some are taking the risk by doing nothing. • Others are carrying out a re-permissioning campaign – the risk here is that people complain to the ICO about the re-permissioning email. • Let’s talk about what re-permissioning looks like:
Top tips for re-permissioning • If you say: we will continue to contact you unless you opt out, that is not enough to collect GDPR standard consent. It needs to be we won’t contact you unless you opt-in [by clicking here]. • Segment your data – is there any value in re- permissioning those who haven’t opened an email from you in the last 18 months? These recipients are also more likely to complain.
Top tips for re-permissioning (cont.) • Make the email fun and engaging – you need to encourage people to open it and opt in. • Opt-in rates from re-permissioning are between 20% and 50%. • Make sure you record who opted in, when and how they did it, to meet the new GDPR record keeping requirements.
Legitimate interests
How are others handling legitimate interests? • Risk averse approach - move to consent: – B2B contacts first receive a “privacy receipt” – B2C consent campaign • Stay with legitimate interests – make sure you have a retention period. It will not be okay under the GDPR to market to people indefinitely.
Legitimate interests: the balancing test • Because it is so easy to say: marketing is in our legitimate interest, we can only use data in that way if it doesn’t unfairly impact on recipients’ privacy rights. • Use a Privacy Impact Assessment to work this out.
Legitimate interests: potential practical changes • Enhancing security • Moving to consent instead • Using “privacy receipts” • Setting retention periods • Narrowing the scope of the marketing we send – particular companies/sectors only
The legal effect of an unsubscribe
Consent Legitimate Interests Post If you collected an opt- in, whether B2B or B2C. If you offered an opt-out or nothing at all, for B2B or B2C. Email & SMS If you complied with the soft opt-in - PECRs apply to these channels for B2C. If you didn’t get an opt-in from your B2B contacts. Telephone If you offered an opt-out or nothing at all. UNSUBSCRIBE = CONSENT WITHDRAWN UNSUBSCRIBE OR ON PREF. SERVICE = FAIL BALANCING TEST UNSUBSCRIBE = FAIL BALANCING TEST UNSUBSCRIBE OR ON PREF. SERVICE = FAIL BALANCING TEST The legal effect of an unsubscribe
Case Study Participant Question
Whilst we all agree with the spirit of GDPR (and PECR for that matter), if you're a small company with minimal lead acquisition budget, how can you get off the ground? For e.g. joining member business networking bodies - you can't necessarily email members to introduce yourself and your business - or can you? Lists are often too expensive. How do you get the volume in a database you need to start putting content in front of it, engaging on social etc. There is a limited time for a small business to build traction. What is the best/compliant plan?
If you're a small company with minimal lead acquisition budget, how can you get off the ground? For e.g. joining member business networking bodies - you can't necessarily email members to introduce yourself and your business - or can you? • The PECRs don’t apply to B2B electronic marketing, so you can identify leads via LinkedIn or your own internet research and contact them by email or SMS. • Think about other channels – telephone and postal introductions can be made (but always screen against the TPS). • Think about how the initial email contact will “look” – draft it carefully because an uninvited B2B email (although generally permitted) may irritate the recipient.
Lists are often too expensive. How do you get the volume in a database you need to start putting content in front of it, engaging on social etc. There is a limited time for a small business to build traction. What is the best/compliant plan? • You can create a database of leads using your own research rather than buying in lists – these leads are likely to be higher quality too. • What the best/compliant plan? • Make sure you are being clear about how you use people’s information in your privacy policy • Be as clear as possible in your marketing emails around how people can unsubscribe – does a particular link unsubscribe them from a category of marketing emails, or all marketing emails from you?
Discussion

Recommended

What Is Email Marketing - Email Marketing Tips
What Is Email Marketing - Email Marketing TipsWhat Is Email Marketing - Email Marketing Tips
What Is Email Marketing - Email Marketing TipsEmailMarketingTips
 
How will GDPR affect your business - Marketing Fox & Birkett Long
How will GDPR affect your business - Marketing Fox & Birkett LongHow will GDPR affect your business - Marketing Fox & Birkett Long
How will GDPR affect your business - Marketing Fox & Birkett LongLouise Owens
 
Session 16 emarketing - 8 oct 10
Session 16 emarketing - 8 oct 10Session 16 emarketing - 8 oct 10
Session 16 emarketing - 8 oct 10Muhammad Talha Salam
 
A beginner’s guide to successful email marketing
A beginner’s guide to successful email marketingA beginner’s guide to successful email marketing
A beginner’s guide to successful email marketingsidfe2010
 
EU GDPR Changes: What do you need to know? - CommuniGator Seminar
EU GDPR Changes: What do you need to know? - CommuniGator SeminarEU GDPR Changes: What do you need to know? - CommuniGator Seminar
EU GDPR Changes: What do you need to know? - CommuniGator SeminarSpotler
 
Email Powerpoint 4.25.11
Email Powerpoint 4.25.11Email Powerpoint 4.25.11
Email Powerpoint 4.25.11amyshafer
 
Get Results With Email Marketing
Get Results With Email MarketingGet Results With Email Marketing
Get Results With Email MarketingGetResponse Email Marketing
 
Opt-in Email Marketing - Email-Marketing Tips
Opt-in Email Marketing - Email-Marketing TipsOpt-in Email Marketing - Email-Marketing Tips
Opt-in Email Marketing - Email-Marketing TipsEmailMarketingTips
 

Recommended

What Is Email Marketing - Email Marketing Tips
What Is Email Marketing - Email Marketing TipsWhat Is Email Marketing - Email Marketing Tips
What Is Email Marketing - Email Marketing TipsEmailMarketingTips
 
How will GDPR affect your business - Marketing Fox & Birkett Long
How will GDPR affect your business - Marketing Fox & Birkett LongHow will GDPR affect your business - Marketing Fox & Birkett Long
How will GDPR affect your business - Marketing Fox & Birkett LongLouise Owens
 
Session 16 emarketing - 8 oct 10
Session 16 emarketing - 8 oct 10Session 16 emarketing - 8 oct 10
Session 16 emarketing - 8 oct 10Muhammad Talha Salam
 
A beginner’s guide to successful email marketing
A beginner’s guide to successful email marketingA beginner’s guide to successful email marketing
A beginner’s guide to successful email marketingsidfe2010
 
EU GDPR Changes: What do you need to know? - CommuniGator Seminar
EU GDPR Changes: What do you need to know? - CommuniGator SeminarEU GDPR Changes: What do you need to know? - CommuniGator Seminar
EU GDPR Changes: What do you need to know? - CommuniGator SeminarSpotler
 
Email Powerpoint 4.25.11
Email Powerpoint 4.25.11Email Powerpoint 4.25.11
Email Powerpoint 4.25.11amyshafer
 
Get Results With Email Marketing
Get Results With Email MarketingGet Results With Email Marketing
Get Results With Email MarketingGetResponse Email Marketing
 
Opt-in Email Marketing - Email-Marketing Tips
Opt-in Email Marketing - Email-Marketing TipsOpt-in Email Marketing - Email-Marketing Tips
Opt-in Email Marketing - Email-Marketing TipsEmailMarketingTips
 
InMail best practices
InMail best practicesInMail best practices
InMail best practicesRyan Crawford
 
Email Mastery Guide
Email Mastery GuideEmail Mastery Guide
Email Mastery GuideAmuro Wesley
 
InMail sample to executive
InMail sample to executiveInMail sample to executive
InMail sample to executiveRyan Crawford
 
Email marketing Best Practices with Chad White
Email marketing Best Practices with Chad WhiteEmail marketing Best Practices with Chad White
Email marketing Best Practices with Chad WhiteSmart Insights
 
Travelodge GDPR Case Study
Travelodge GDPR Case StudyTravelodge GDPR Case Study
Travelodge GDPR Case StudySagittarius
 
InMail best practices
InMail best practicesInMail best practices
InMail best practicesRyan Crawford
 
Crash Course in email Marketing
Crash Course in email MarketingCrash Course in email Marketing
Crash Course in email MarketingJohn Johansen
 
The Hidden Metrics of Email Deliverability Webinar
The Hidden Metrics of Email Deliverability WebinarThe Hidden Metrics of Email Deliverability Webinar
The Hidden Metrics of Email Deliverability WebinarReturn Path
 
CASL One Year Later
CASL One Year Later CASL One Year Later
CASL One Year Later Return Path
 
Email marketing the easy way
Email marketing the easy wayEmail marketing the easy way
Email marketing the easy wayDeepakYadav1095
 
GDPR & The Opportunity
GDPR & The OpportunityGDPR & The Opportunity
GDPR & The OpportunitySagittarius
 
GDPR changes affect direct marketing
GDPR changes affect direct marketingGDPR changes affect direct marketing
GDPR changes affect direct marketingSpotler
 
DMA - DPC Workshop - 23 October 2013
DMA - DPC Workshop - 23 October 2013DMA - DPC Workshop - 23 October 2013
DMA - DPC Workshop - 23 October 2013Rachel Aldighieri
 
SMS and GDPR - what you need to know to be compliant
SMS and GDPR - what you need to know to be compliantSMS and GDPR - what you need to know to be compliant
SMS and GDPR - what you need to know to be compliantEsendex
 
PreSeed Academy #26 - Stine Mangor Tornmark (Legal Monster)
PreSeed Academy #26 - Stine Mangor Tornmark (Legal Monster)PreSeed Academy #26 - Stine Mangor Tornmark (Legal Monster)
PreSeed Academy #26 - Stine Mangor Tornmark (Legal Monster)PreSeed Ventures
 
e-Marketing Policy-Building Workshop
e-Marketing Policy-Building Workshope-Marketing Policy-Building Workshop
e-Marketing Policy-Building WorkshopMatt Vernhout
 
CASL is now in Effect! Are you Compliant?
CASL is now in Effect! Are you Compliant? CASL is now in Effect! Are you Compliant?
CASL is now in Effect! Are you Compliant? Inbox Marketer Corporation
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsPost Media
 
Opportunity or burden
Opportunity or burdenOpportunity or burden
Opportunity or burdenIRIS
 
Permission 6 13 finn thomsen
Permission 6 13 finn thomsenPermission 6 13 finn thomsen
Permission 6 13 finn thomsenHusetMarkedsforing
 
Email marketing masterclass june 2013
Email marketing masterclass june 2013Email marketing masterclass june 2013
Email marketing masterclass june 2013Octave Online Communications
 
How to Buy B2B data - Quick Guide
How to Buy B2B data - Quick GuideHow to Buy B2B data - Quick Guide
How to Buy B2B data - Quick Guidepfox80
 

More Related Content

What's hot

InMail best practices
InMail best practicesInMail best practices
InMail best practicesRyan Crawford
 
Email Mastery Guide
Email Mastery GuideEmail Mastery Guide
Email Mastery GuideAmuro Wesley
 
InMail sample to executive
InMail sample to executiveInMail sample to executive
InMail sample to executiveRyan Crawford
 
Email marketing Best Practices with Chad White
Email marketing Best Practices with Chad WhiteEmail marketing Best Practices with Chad White
Email marketing Best Practices with Chad WhiteSmart Insights
 
Travelodge GDPR Case Study
Travelodge GDPR Case StudyTravelodge GDPR Case Study
Travelodge GDPR Case StudySagittarius
 
InMail best practices
InMail best practicesInMail best practices
InMail best practicesRyan Crawford
 
Crash Course in email Marketing
Crash Course in email MarketingCrash Course in email Marketing
Crash Course in email MarketingJohn Johansen
 
The Hidden Metrics of Email Deliverability Webinar
The Hidden Metrics of Email Deliverability WebinarThe Hidden Metrics of Email Deliverability Webinar
The Hidden Metrics of Email Deliverability WebinarReturn Path
 
CASL One Year Later
CASL One Year Later CASL One Year Later
CASL One Year Later Return Path
 
Email marketing the easy way
Email marketing the easy wayEmail marketing the easy way
Email marketing the easy wayDeepakYadav1095
 
GDPR & The Opportunity
GDPR & The OpportunityGDPR & The Opportunity
GDPR & The OpportunitySagittarius
 

What's hot (11)

InMail best practices
InMail best practicesInMail best practices
InMail best practices
 
Email Mastery Guide
Email Mastery GuideEmail Mastery Guide
Email Mastery Guide
 
InMail sample to executive
InMail sample to executiveInMail sample to executive
InMail sample to executive
 
Email marketing Best Practices with Chad White
Email marketing Best Practices with Chad WhiteEmail marketing Best Practices with Chad White
Email marketing Best Practices with Chad White
 
Travelodge GDPR Case Study
Travelodge GDPR Case StudyTravelodge GDPR Case Study
Travelodge GDPR Case Study
 
InMail best practices
InMail best practicesInMail best practices
InMail best practices
 
Crash Course in email Marketing
Crash Course in email MarketingCrash Course in email Marketing
Crash Course in email Marketing
 
The Hidden Metrics of Email Deliverability Webinar
The Hidden Metrics of Email Deliverability WebinarThe Hidden Metrics of Email Deliverability Webinar
The Hidden Metrics of Email Deliverability Webinar
 
CASL One Year Later
CASL One Year Later CASL One Year Later
CASL One Year Later
 
Email marketing the easy way
Email marketing the easy wayEmail marketing the easy way
Email marketing the easy way
 
GDPR & The Opportunity
GDPR & The OpportunityGDPR & The Opportunity
GDPR & The Opportunity
 

Similar to Data Protection for Marketing Professionals

GDPR changes affect direct marketing
GDPR changes affect direct marketingGDPR changes affect direct marketing
GDPR changes affect direct marketingSpotler
 
DMA - DPC Workshop - 23 October 2013
DMA - DPC Workshop - 23 October 2013DMA - DPC Workshop - 23 October 2013
DMA - DPC Workshop - 23 October 2013Rachel Aldighieri
 
SMS and GDPR - what you need to know to be compliant
SMS and GDPR - what you need to know to be compliantSMS and GDPR - what you need to know to be compliant
SMS and GDPR - what you need to know to be compliantEsendex
 
PreSeed Academy #26 - Stine Mangor Tornmark (Legal Monster)
PreSeed Academy #26 - Stine Mangor Tornmark (Legal Monster)PreSeed Academy #26 - Stine Mangor Tornmark (Legal Monster)
PreSeed Academy #26 - Stine Mangor Tornmark (Legal Monster)PreSeed Ventures
 
e-Marketing Policy-Building Workshop
e-Marketing Policy-Building Workshope-Marketing Policy-Building Workshop
e-Marketing Policy-Building WorkshopMatt Vernhout
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsPost Media
 
Opportunity or burden
Opportunity or burdenOpportunity or burden
Opportunity or burdenIRIS
 
How to Buy B2B data - Quick Guide
How to Buy B2B data - Quick GuideHow to Buy B2B data - Quick Guide
How to Buy B2B data - Quick Guidepfox80
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018Human Capital Department
 
DMA 2014 Post Conference Email Certificaiton
DMA 2014 Post Conference Email CertificaitonDMA 2014 Post Conference Email Certificaiton
DMA 2014 Post Conference Email CertificaitonRyan Phelan
 
The power of the post
The power of the postThe power of the post
The power of the postJulie Stubbs
 
The power of the post
The power of the postThe power of the post
The power of the postJulie Stubbs
 
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
"GDPR - All You Need To Know" presentation from event Nov 16th in BerlinMailjet
 
How to get a double opt-in database
How to get a double opt-in databaseHow to get a double opt-in database
How to get a double opt-in databaseSpotler
 
Gratitude is the Attitude: Net Promoter Thank You Emails
Gratitude is the Attitude: Net Promoter Thank You EmailsGratitude is the Attitude: Net Promoter Thank You Emails
Gratitude is the Attitude: Net Promoter Thank You EmailsCustomerGauge
 
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Lauren Isaacs
 

Similar to Data Protection for Marketing Professionals (20)

GDPR changes affect direct marketing
GDPR changes affect direct marketingGDPR changes affect direct marketing
GDPR changes affect direct marketing
 
DMA - DPC Workshop - 23 October 2013
DMA - DPC Workshop - 23 October 2013DMA - DPC Workshop - 23 October 2013
DMA - DPC Workshop - 23 October 2013
 
SMS and GDPR - what you need to know to be compliant
SMS and GDPR - what you need to know to be compliantSMS and GDPR - what you need to know to be compliant
SMS and GDPR - what you need to know to be compliant
 
PreSeed Academy #26 - Stine Mangor Tornmark (Legal Monster)
PreSeed Academy #26 - Stine Mangor Tornmark (Legal Monster)PreSeed Academy #26 - Stine Mangor Tornmark (Legal Monster)
PreSeed Academy #26 - Stine Mangor Tornmark (Legal Monster)
 
e-Marketing Policy-Building Workshop
e-Marketing Policy-Building Workshope-Marketing Policy-Building Workshop
e-Marketing Policy-Building Workshop
 
CASL is now in Effect! Are you Compliant?
CASL is now in Effect! Are you Compliant? CASL is now in Effect! Are you Compliant?
CASL is now in Effect! Are you Compliant?
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc Michaels
 
Opportunity or burden
Opportunity or burdenOpportunity or burden
Opportunity or burden
 
Permission 6 13 finn thomsen
Permission 6 13 finn thomsenPermission 6 13 finn thomsen
Permission 6 13 finn thomsen
 
Email marketing masterclass june 2013
Email marketing masterclass june 2013Email marketing masterclass june 2013
Email marketing masterclass june 2013
 
How to Buy B2B data - Quick Guide
How to Buy B2B data - Quick GuideHow to Buy B2B data - Quick Guide
How to Buy B2B data - Quick Guide
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
 
DMA 2014 Post Conference Email Certificaiton
DMA 2014 Post Conference Email CertificaitonDMA 2014 Post Conference Email Certificaiton
DMA 2014 Post Conference Email Certificaiton
 
The power of the post
The power of the postThe power of the post
The power of the post
 
The power of the post
The power of the postThe power of the post
The power of the post
 
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
 
GDPR Tip Sheet
GDPR Tip SheetGDPR Tip Sheet
GDPR Tip Sheet
 
How to get a double opt-in database
How to get a double opt-in databaseHow to get a double opt-in database
How to get a double opt-in database
 
Gratitude is the Attitude: Net Promoter Thank You Emails
Gratitude is the Attitude: Net Promoter Thank You EmailsGratitude is the Attitude: Net Promoter Thank You Emails
Gratitude is the Attitude: Net Promoter Thank You Emails
 
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?
 

Recently uploaded

Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxsrikarna235
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Dr. Oliver Massmann
 
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSDr. Oliver Massmann
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书1k98h0e1
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书Fir L
 
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝soniya singh
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书Fir L
 
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxAn Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxKUHANARASARATNAM1
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书SD DS
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书SD DS
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxsrikarna235
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书Fir sss
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书SD DS
 
如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书 如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书Fir sss
 
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书FS LS
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesHome Tax Saver
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...shubhuc963
 
Arbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in IndiaArbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in IndiaNafiaNazim
 

Recently uploaded (20)

Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptx
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
 
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A History
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书
 
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书
 
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxAn Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 
如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书 如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书
 
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax Rates
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...
 
Arbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in IndiaArbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in India
 

Data Protection for Marketing Professionals

  • 1. GDPR 101 for Marketers: Your Questions Answered! 9 March 2018 James Boyle – Associate Solicitor T: 01223 225028 E: james.boyle@taylorvinters.com
  • 2. The GDPR • It’s a monster – regulates all personal data. • Covers how we collect, use, store, share and delete personal data. • Applies irrespective of whether: – We are dealing with consumers or businesses. – We are using the data for marketing purposes or other reasons.
  • 3. The Privacy & Electronic Communications Regulations • Sets out when we can send marketing emails and text messages to consumers, sole traders and some partnerships (“B2C”). • Most marketing fines we see are actually for breaches of the PECRs rather than the Data Protection Act/GDPR.
  • 4. What is a marketing email? [specific examples discussed on 9 March 2017]
  • 5. What is not a marketing email? [specific examples discussed on 9 March 2017]
  • 7. The Data Processing Conditions • Before we can use anyone’s data, we need to satisfy a processing condition. There are six: – Consent – Because there’s a contract in place – Because it’s in our legitimate interests – Because it’s to comply with a legal obligation – To protect the vital interests of the data subject (think paramedics at the scene of an emergency) – To perform a task in the public interest
  • 8. Which processing condition? • All 6 processing conditions are theoretically available to us for marketing purposes under the GDPR. • The PECRs restrict which processing conditions we can use for electronic marketing to consumers. • Practical reality means only a few processing conditions are relevant for marketers.
  • 9. Which processing condition for marketing? GDPR PECRs Consent Any channel Contract Legitimate Interests Any channel Legal Obligation Vital Interests Public Interest B2C Email and SMS must have consent, unless the soft opt-in applies Relevance? Likely to be consent anyway due to clarity requirements B2C Email and SMS ok if you establish a soft opt-in Relevance? Likely to be consent anyway due to clarity requirements Relevance? Likely to be consent anyway due to clarity requirements Relevance? Likely to be consent anyway due to clarity requirements
  • 10. The soft opt-in • For existing customers or someone who has shown an interest in the business, you can send them marketing texts or emails if: - you obtained their details during a sale or negotiations for a sale to them - you are only marketing your own similar products or services (not those of a third party or group company) - you gave the person a simple opportunity to refuse or opt out of marketing at the time you collected their information - Be careful using the soft opt-in, there is a new piece of legislation coming in (the e-Privacy Regulation) which may change when we can use it.
  • 11. Which processing condition am I using? Consent Legitimate Interests Post If you collected an opt- in, whether B2B or B2C. If you offered an opt-out or nothing at all, for B2B or B2C. Always screen against the MPS! Email & SMS If you complied with the soft opt-in - PECRs apply to these channels for B2C. If you didn’t get an opt-in from your B2B contacts. Telephone If you offered an opt-out or nothing at all. Always screen against the TPS!
  • 13. I’m using consent, now what? • PECRs say you need consent, but the GDPR sets the requirements for that consent. Do you meet it? – Freely given? not forced to give it – Specific? identifies relevant channels – Informed? identifies what will be sent – Not bundled or hidden? separate opt-in mechanism – Positive action? silence does not = consent • Consent doesn’t last forever – is your opt-in fewer than 2 – 3 years old?
  • 14. I’m using consent, now what? • Met all of those requirements? Great! Sit back and chill out, until the 2 – 3 year time period impacts you… • If no, consider refreshing that consent via a re- permissioning campaign, upgrading the consent to the GDPR standard and “resetting” the opt-in time.
  • 15. How are others handling consent • For legacy, but GDPR standard consent, there are no recorded fines for failing to “re-permission” – some are taking the risk by doing nothing. • Others are carrying out a re-permissioning campaign – the risk here is that people complain to the ICO about the re-permissioning email. • Let’s talk about what re-permissioning looks like:
  • 16. Top tips for re-permissioning • If you say: we will continue to contact you unless you opt out, that is not enough to collect GDPR standard consent. It needs to be we won’t contact you unless you opt-in [by clicking here]. • Segment your data – is there any value in re- permissioning those who haven’t opened an email from you in the last 18 months? These recipients are also more likely to complain.
  • 17. Top tips for re-permissioning (cont.) • Make the email fun and engaging – you need to encourage people to open it and opt in. • Opt-in rates from re-permissioning are between 20% and 50%. • Make sure you record who opted in, when and how they did it, to meet the new GDPR record keeping requirements.
  • 19. How are others handling legitimate interests? • Risk averse approach - move to consent: – B2B contacts first receive a “privacy receipt” – B2C consent campaign • Stay with legitimate interests – make sure you have a retention period. It will not be okay under the GDPR to market to people indefinitely.
  • 20. Legitimate interests: the balancing test • Because it is so easy to say: marketing is in our legitimate interest, we can only use data in that way if it doesn’t unfairly impact on recipients’ privacy rights. • Use a Privacy Impact Assessment to work this out.
  • 21. Legitimate interests: potential practical changes • Enhancing security • Moving to consent instead • Using “privacy receipts” • Setting retention periods • Narrowing the scope of the marketing we send – particular companies/sectors only
  • 22. The legal effect of an unsubscribe
  • 23. Consent Legitimate Interests Post If you collected an opt- in, whether B2B or B2C. If you offered an opt-out or nothing at all, for B2B or B2C. Email & SMS If you complied with the soft opt-in - PECRs apply to these channels for B2C. If you didn’t get an opt-in from your B2B contacts. Telephone If you offered an opt-out or nothing at all. UNSUBSCRIBE = CONSENT WITHDRAWN UNSUBSCRIBE OR ON PREF. SERVICE = FAIL BALANCING TEST UNSUBSCRIBE = FAIL BALANCING TEST UNSUBSCRIBE OR ON PREF. SERVICE = FAIL BALANCING TEST The legal effect of an unsubscribe
  • 25. Whilst we all agree with the spirit of GDPR (and PECR for that matter), if you're a small company with minimal lead acquisition budget, how can you get off the ground? For e.g. joining member business networking bodies - you can't necessarily email members to introduce yourself and your business - or can you? Lists are often too expensive. How do you get the volume in a database you need to start putting content in front of it, engaging on social etc. There is a limited time for a small business to build traction. What is the best/compliant plan?
  • 26. If you're a small company with minimal lead acquisition budget, how can you get off the ground? For e.g. joining member business networking bodies - you can't necessarily email members to introduce yourself and your business - or can you? • The PECRs don’t apply to B2B electronic marketing, so you can identify leads via LinkedIn or your own internet research and contact them by email or SMS. • Think about other channels – telephone and postal introductions can be made (but always screen against the TPS). • Think about how the initial email contact will “look” – draft it carefully because an uninvited B2B email (although generally permitted) may irritate the recipient.
  • 27. Lists are often too expensive. How do you get the volume in a database you need to start putting content in front of it, engaging on social etc. There is a limited time for a small business to build traction. What is the best/compliant plan? • You can create a database of leads using your own research rather than buying in lists – these leads are likely to be higher quality too. • What the best/compliant plan? • Make sure you are being clear about how you use people’s information in your privacy policy • Be as clear as possible in your marketing emails around how people can unsubscribe – does a particular link unsubscribe them from a category of marketing emails, or all marketing emails from you?