Data Rights and Privacy - Mark Gracey


Mark Gracey's slides from the dmsso17 workshop day

Published in: Marketing

  1. Data rights and privacy: what the GDPR means for your marketing - Mark Gracey
  2. Welcome - Mark Gracey, Founder, Flavourfy Digital & Digital Compliance Hub
  3. What’s GDPR & what does it mean for marketing? Do I need to worry about it? What do I do to comply? GDPR Compliance
  4. About Data Protection
  5. Key Data Protection Definitions - Personal Data; Processing; Data Subject; Data Controller; Data Processor
  6. The Principles of Data Protection - Lawful, fair & transparent; Specific purpose; Relevant; Accurate; Retention; Individuals' rights; Security; International transfer
  7. Lawfulness of processing - Data Subject has given consent; Required for performance of a contract; Legal obligation; To protect interests of the Data Subject; In the public interest; Legitimate interests of the Data Controller
  8. The GDPR
  9. GDPR: What’s changing? - Scope; Definition; Children; Consent; Rights; Accountability; By Design; DPOs; Breaches; Fines
  10. GDPR & Marketing
  11. Marketing compliance in the UK - Data Protection: lawful basis for processing; Privacy Regs: marketing rules; Marketing Compliance
  12. GDPR challenges for marketing - Consent; Third Party Data; Legacy Data; Ongoing Management
  13. GDPR challenges for marketing - Consent: Consent of a data subject is defined in the GDPR as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;”. Clear messaging; Positive opt-in; Consent without detriment; Data sharing; Consent withdrawal; Recording
  14. GDPR challenges for marketing - Third Party Data: Carry out due diligence on provider and source; Appropriate consent and proof?; Record your approach and findings
  15. GDPR challenges for marketing - Legacy Data: Does your data meet the new GDPR consent rules?; Can you lawfully re-verify consent?; An opportunity to refresh your data?; Record your approach and findings
  16. GDPR challenges for marketing - Ongoing Management: Regular data quality & consent refresh; Make it easy for consent withdrawal; Act on withdrawal of consent immediately & remember; Document your approach; Make sure your team are trained in the ways of the GDPR
  17. GDPR & B2B - Business data. Sole traders, partners: Treated as personal data; GDPR rules apply. Individuals in business: Treated as personal data; PECR rules apply to marketing; needs to be relevant; provide opt-out. Generic business data: GDPR doesn't apply; PECR rules apply to marketing; provide opt-out
  18. What if you’re a processor? - Business data. Data Protection Act: Contractual relationship with controller; All responsibility lies with controller. GDPR: Controller’s due diligence requirements; Wider contractual relationship with controllers; Recording of processing; Reporting of breaches to controller; Joint responsibility & processor’s own liability
  19. Data Protection Compliance
  20. Preparing for the GDPR - Prepare: Know the GDPR; Get senior buy-in; Set up a working group. Audit: Data; Systems; Policies. Analyse: The state of your data; Policy updates; System changes. Deliver: Action plan; Employee training. Manage: Ongoing compliance; Keep up to date
  21. Managing compliance - Security; Training; Policies; Review; User Rights. Effectively managing your GDPR compliance will not only protect your business but will instill trust and confidence in your customers and future customers
  22. But… what else? - Marketing Compliance 2018 & Beyond: ePrivacy Regulations; Data Protection Bill; ICO Consent Guidance; A29WP Consent Guidance; Enforcement; Brexit
  23. Getting compliance right - Appoint someone to take responsibility and act as a single point of contact; Audit your data, systems and policies; Document your approach to data protection & put policies in place; Provide internal documentation and guidance; Train your staff; Maintain your compliance & keep up to date
  24. Digital Compliance Hub – managing your compliance - Data Protection & GDPR; Privacy & Marketing; Web, Data & Cyber Security. Info, guidance, toolkits, advice, support & training. 20% off! Use code dmsso17 before 30th November
  25. Flavourfy Digital Consultancy - Compliance Audits Management Consultancy & Advice Training Digital Compliance Hub
  26. ? Mark Gracey Question Mark