Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

GDPRs, those Pesky Peckers and the E-mail Trail : a look at the law and what it means for e-mail marketing by Tracey O'Connell

69 views

Published on

Digital Marketing Summit Southampton 2018, Tracey O'Connell, Southampton, #Dmsso18, #DMSSO, #DigitalMarketing @_Lawpoint

Published in: Law
  • Be the first to comment

  • Be the first to like this

GDPRs, those Pesky Peckers and the E-mail Trail : a look at the law and what it means for e-mail marketing by Tracey O'Connell

  1. 1. The e-mail trail: GDPRS and those Pesky Peckers
  2. 2. Housekeeping • Welcome • Lawpoint - Tracey and team • Consents !!! • All about e-mail marketing • Slides will be available on www.law-point.co.uk next week - website code: Wx3!r7F - will announce on twitter – follow us @_Lawpoint • Questions – at end / coffee after Tracey/ Alison
  3. 3. Contents PART 1 – Who are the players and what’s happening PART 2 – Bigger legal picture PART 3 – GDPRs PART 4 – Those pesky PECKERS !!! PART 5 – Consent PART 6 – E-mail marketing models PART 7 – DMC Client perspective PART 8 – Summary
  4. 4. Who are the players and what’s happening? PART 1
  5. 5. Who are the players and what’s happening (1)?
  6. 6. Who are the players and what’s happening?(2)? Model 1 – Client outsources e-mail marketing to DMC CLIENT DMC RECIPENTContact database
  7. 7. The legal bigger picture PART 2
  8. 8. Bigger Picture – 2 laws – GDPRs and Pesky Peckers GDPR • About personal data to send the email to the relevant audience (contact database) • Legal roles- processor/ controller • Audience = data subject – any individual • DM permissible !!! But ,,,, pecrs • If consent is required under PECRS then GDPR rules on consent apply. PECRS • Not about personal data • The act of sending direct marketing comms • Distinguishes between individuals/ corporate subscribers [ watch this space!] • Consent required from ind to send the email
  9. 9. GDPRs PART 3
  10. 10. GDPRs (1) - Contact database • It’s all about personal data and GDPR legal grounds (later!!) for using personal data to market • Personal data and emails: names and emails [other] re: recipients • No ownership in personal data • Separate intellectual property rights (e.g database rights) • Emails –personal data? - traceyoconnell@Hotmail.co.uk - yes - barbar@busties.wanadoo.co.uk – if can be matched to tracey by some- one else/ anyone else [ who would go through list to find all of these non identifiable ones and ensure no database to link to name] • Roles – DC/ DP
  11. 11. GDPRs (2) Legal data protection roles
  12. 12. GDPRs (3) - labels Data Controller Data Processor Data Subject the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; Decides what data is being collected and why it is being collected a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller Does what the controller tells it to do with the data ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’) Individual which data relates to
  13. 13. GDPRs (4) Model 1 with data protection labels CLIENT DMC RECIPENTContact database DC DP DS
  14. 14. GDPRs (5) – legal grounds – data controller But………..remember those pesky Peckers …. Relevant legal grounds for using personal data for direct marketing Consent Legitimate Interest Legal grounds 6 legal grounds Must choose one of them
  15. 15. Pesky Peckers PART 4
  16. 16. Those pesky Peckers (1)….. • The Privacy and Electronic Communications Regulations 2003 • Deal with Direct marketing/ Cookies and other stuff! • Why are they pesky? - they apply in addition to the GDPR – say when consent is needed - they are about to change - grrrrrr!!!!
  17. 17. PECRs (2) Consent – relationship with GDPRS PECRS Say WHEN consent is needed when you are direct marketing Current law: GDPRS Say WHAT the standard of consent is. There is a legal definition: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her” GDPR Article 4 (definitions) Individual Opt in Cannot send unless they say you can Corporate Subscriber Opt out Can send unless they say you can’t. Law does not use opt in /opt out, but ICO does
  18. 18. PECRs (3) Consent – When is it needed to send marketing emails?– current law Consumer/unincorporated partnership/ sole trader barbar@busties@btinternet.com tracey@law-point.co.uk (if not limited) Corporate subscriber tracey@law-point.co.uk (if limited) Opt in Opt Out Soft opt –in (obtained contact details of the recipient in the course of) • For providing goods and services • Negotiation for sale Doesn’t apply to individuals PECRS are silent BUT ICO guidance says opt-out
  19. 19. PECRs (4) – When is consent needed to send marketing emails?– new law Consumer/unincorporated partnership/ sole trader barbar@busties@btinternet.com tracey@law-point.co.uk (if not limited) Corporate subscriber tracey@law-point.co.uk (if limited) Opt in Opt Out Soft opt –in (obtained contact details of the recipient in the course of) • For providing goods and services • Negotiation for sale Doesn’t apply to individuals PECRS are silent BUT ICO guidance says opt-out
  20. 20. What does opt-in consent mean? PART 5
  21. 21. Consents – what does “opt-in” mean? Please tick here to receive marketing emails from DMC about DCM’s services [ ] Please tick here to receive marketing emails from DMC about DCM’s services [ ] If you don’t want to receive marketing emails from DMC about DCM’s services please tick here [ ] If you don’t want to receive marketing emails from DMC about DCM’s services please tick here [ ]
  22. 22. Model 1 summary DC DP DS Consent
  23. 23. E-mail Marketing Models PART 6
  24. 24. Model 2 – Client buys e-mail list from DMC
  25. 25. Model 2 - Client buys email list from DMC DMC CLIENT RECIPENT DC
  26. 26. Model 2(b) – Client rents e-mail list from DMC
  27. 27. Model 2 (b) – Client rents email list from DMC Renting Consent DC
  28. 28. Model 3 – DMC markets client business to market by selling advertising space on email to DMC contacts
  29. 29. DC DS Model 3 – DMC markets client business to market by selling advertising space on email to DMC contacts Consent BUT….
  30. 30. Email content eg: CAP code, un-subscribe, company details Contract
  31. 31. DMC Client Perspective PART 7
  32. 32. The DMC client perspective • Client awareness varies - sometimes mis-informed (an opportunity?) : generally an increased awareness of - Consent risk - Liability - Buying third party lists • More focus on contracts • GDPR legal position will depend on “what’s happening” • What are you doing: - lead generation - campaign management
  33. 33. Summary PART 8
  34. 34. Summary Don’t let go of the until all the pieces are in place! If you know who’s doing what and what’s happening you’ll be in a better position to manage clients expectations, the contracting process and the risks associated with your e-mail marketing model.
  35. 35. Law point services • Contract/ terms and conditions drafting, reviewing and negotiation • Training – on-site/ off- site • Outsourced in-house lawyer • Outsourced DPO • Data protection advice and policies • Risk management Digital Law Scrum ….. and Bacon !!!! www.law-point.co.uk

×