Customer data and the new EU privacy law - May2016

Under the new EU law, international businesses that do not handle Personal Data of EU citizens correctly may be fined up to 4% of global revenues.
The grace period for adapting processes to comply with the law begins 25 May 2016 and ends 25 May 2018.
This presentation explains why *all* customer data counts as "personal information".
Written by an EU marketer for non-EU marketers in international business. Enjoy.

Published in: Marketing

  1. Customer Data and the new EU Privacy Law. Key facts for marketers in international business. Version: 18 May 2016
  2. Executive summary
       1. Safest policy is to treat all EU customer data as Personal Information
       2. For incorrect handling of Personal Information of EU citizens: fines up to 4% of global revenues
       3. Grace period for making processes compliant: until May 2018
  3. Context
       • International business selling into the EU
       • B2B & B2C
       • Marketing & Sales processes
       • Data about EU Prospects & Customers
       18/05/2016 Andrew Sanderson | as@ansaco.de | +49 06223 9346 3401
  4. Warning! This version: May 2016
       • Written by an EU Marketer (not a lawyer) for non-EU Marketers
       • Highlights issues, impacts & options
       • This does not constitute a legal opinion or legal advice
       • Use at your own risk / verify with your corporate counsel
  5. Marketing objectives: Build trust – the foundation for face-to-face selling
       • Promote products & services
       • Gain permission for personalised, one-to-one communication
       • Identify individual needs
       • Provide each Contact with relevant information about solutions
  6. PII = Personally Identifiable Information
       Definition in Europe: information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context
       See GDPR, Article 4(1) for precise text
  7. PII = Personally Identifiable Information
       Definition in the USA:
       • any information that can distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, biometrics
       • any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information
       Source: NIST SP 800-122
  8. PII in Marketing Practice
       Mr. James Bond
       This is not necessarily PII
       • Firstname Lastname does not always identify a single individual
  9. PII in Marketing Practice
       • Universal Exports
       • Caribbean Department
       • Company Fax: +44 020 1234567
       • Web: www.universalex.com
       These are not PII
       • Alone or in combination, they cannot identify a single individual
  10. PII in Marketing Practice
       • Business Development Manager
       • Caribbean Department
       • Universal Exports Ltd.
       • London
       This may be PII
       • A combination of information that may identify an individual
       • For example: if there is only one Business Development Manager in the Caribbean Department of Universal Exports, London.
  11. PII in Marketing Practice
       • Tel: +44 020 123456 xt 007
       • Email: james.bond@universalexport.co.uk
       These are definitely PII
       • Each can be used on its own to identify a single person
  12. PII in Marketing Practice
       Mr. James Bond
       Business Development Manager
       Caribbean Department
       Universal Exports Ltd.
       85 Albert Embankment, London SE1 1BD
       T: +44 020 123456 xt 007
       F: +44 020 1234567
       E: james.bond@universalexport.co.uk
       W: www.universalexport.com
       This is definitely PII
       • In this context, all data points help to identify a single person
  13. PII in Marketing Practice
       This is definitely PII, too
       • In this context, all data points refer to the identity of a single person
  14. PII in Marketing Practice
       This is not PII
  15. PII in Marketing Practice
       This is PII
       • What individual people think
       • Privately or professionally
       NOTE: pseudonymised, but can be linked to the individual via the ID
  16. PII in Marketing Practice
       This is PII
       • What people do privately
       NOTE: pseudonymised, but can be linked to the individual via the ID
  17. PII in Marketing Practice
       This is PII
       • What people do professionally
       NOTE: pseudonymised, but can be linked to the individual via the ID
  18. PII in Marketing Practice
       Metadata, cookies, online behaviour, website clicks
       These are also PII if you know "who does what"
       • even if pseudonymised
       • even if encrypted
  19. PII in Marketing Practice
       Connecting non-PII data to PII makes it PII, too
       • Drink: Vodka Martini
       • Vacation: St Moritz
       • Sport: Ski-ing
       In this context, the data enriches the knowledge of a single person
  20. PII in Marketing Practice
       This is SPI [Sensitive Personal Information]
       • Health, religion, political opinion, sexual preference, union membership, etc.
       • Best avoided in B2B Marketing
       Memo:
       From: Medical Officer
       To: M
       Health Report: For Your Eyes Only
       RE: Bond, James / 007
       This officer smokes 40 filterless cigarettes a day and consumes 90 units of alcohol per week - more than is good for him. He ignores professional advice and is, I believe, running a serious risk of long-term damage to lungs and liver.
  21. Conclusions
       Digital customer records:
       • Enable personalised communication
       • Make marketing more effective
       • Prepare for face-to-face selling
  22. Conclusions
       But - digital records of EU contacts
       • Are covered by EU Privacy Law
       • Proof of Contact permission is required (documented double opt-in & datestamp)
  23. Conclusions
       • If a file contains information that identifies individuals, the entire file is potentially PII
       • If data is linked to a file that identifies individuals, the data is PII, too
       • What people think and do online is PII (click behaviour, metadata)
  24. Recommendations
       • Simple policies are easy to remember
       • The safest privacy policy is: Treat all EU Customer data as Personally Identifiable Information
  25. Issues, Impacts & Options
       www.andrewsanderson.eu, a marketing blog for international business
       Andrew Sanderson | as@ansaco.de | +49 06223 9346 3401
