The document provides an overview of a data protection seminar, including:
- The agenda which covers understanding data protection law, practical tips for marketers, and a question period.
- An introduction to why data protection is important for protecting information, avoiding reputational damage, making good business sense, and avoiding enforcement actions.
- A summary of the key aspects of the Data Protection Act 1998 and Privacy and Electronic Communications Regulation 2003, including definitions, principles, and rules regarding marketing communications.
- Practical tips for marketers regarding data capture, obtaining permissions, and regaining lost permissions in compliance with regulations.
Social business software is all about sharing content and data in a “collaborative” way to identify internal or external experts. Most of these data must be considered as personal data which is related to an individual person.
Implementing social business technologies in enterprises often leads to discussion with data protection supervisors how to be compliant with EU data protection law. This discussion gets even more challenging if you consider using social business applications in “the cloud” which might the only choice in the near future due IBMs “Cloud First” or Microsoft’s “Cloud only” delivery model.
This session will give you an overview
- about EU data protection regulations
- its implications for using social business systems
- special considerations for using cloud based social business systems
ABM Display Advertising Success in the World of GDPR [PPT]Kwanzoo Inc
In this webinar, see the specific impacts of GDPR on B2B companies as they plan, budget, launch and measure success from ABM advertising programs that reach and engage the 500 Million+ citizens of EU countries and the UK. Our panel of experts will cover the IT, Legal, Marketing, Data and Technology Provider side of GDPR compliance. All of these dimensions need to be addressed as you plan for the world of GDPR.
Be careful what you wish for! How the GDPR even now it has been finalised may not solve the key problems of rthe tech community of what is personal data and what is anonymised/pseudonymous.
Slides from Data Protection 2017 given by Gavin Starks
"That culture is always left to the end in technology revolutions. Make no mistake, the web of data is a revolution: but it has very little to do with new technology. Learn about the cultural impacts and business models that will help you navigate in a data-driven world."
https://dma.org.uk/event/data-protection-2017
Natasha longon - LAC 2017 - Data protection regulations: Are you at risk?iGB Affiliate
Following the recent crack-down from the Information Commissioner’s Office on affiliates regarding the use of personal data in marketing campaigns, it has never been more important to ensure that you know what legal standards you must adhere to. This session will provide the legal insight to ensure that your data use is not putting you at risk and that you’re protected for the future.
Managing users data according to legal standards
Terms around emailing and using data
Key measures all affiliates must have in place
Social business software is all about sharing content and data in a “collaborative” way to identify internal or external experts. Most of these data must be considered as personal data which is related to an individual person.
Implementing social business technologies in enterprises often leads to discussion with data protection supervisors how to be compliant with EU data protection law. This discussion gets even more challenging if you consider using social business applications in “the cloud” which might the only choice in the near future due IBMs “Cloud First” or Microsoft’s “Cloud only” delivery model.
This session will give you an overview
- about EU data protection regulations
- its implications for using social business systems
- special considerations for using cloud based social business systems
ABM Display Advertising Success in the World of GDPR [PPT]Kwanzoo Inc
In this webinar, see the specific impacts of GDPR on B2B companies as they plan, budget, launch and measure success from ABM advertising programs that reach and engage the 500 Million+ citizens of EU countries and the UK. Our panel of experts will cover the IT, Legal, Marketing, Data and Technology Provider side of GDPR compliance. All of these dimensions need to be addressed as you plan for the world of GDPR.
Be careful what you wish for! How the GDPR even now it has been finalised may not solve the key problems of rthe tech community of what is personal data and what is anonymised/pseudonymous.
Slides from Data Protection 2017 given by Gavin Starks
"That culture is always left to the end in technology revolutions. Make no mistake, the web of data is a revolution: but it has very little to do with new technology. Learn about the cultural impacts and business models that will help you navigate in a data-driven world."
https://dma.org.uk/event/data-protection-2017
Natasha longon - LAC 2017 - Data protection regulations: Are you at risk?iGB Affiliate
Following the recent crack-down from the Information Commissioner’s Office on affiliates regarding the use of personal data in marketing campaigns, it has never been more important to ensure that you know what legal standards you must adhere to. This session will provide the legal insight to ensure that your data use is not putting you at risk and that you’re protected for the future.
Managing users data according to legal standards
Terms around emailing and using data
Key measures all affiliates must have in place
What changes with the EU Data Protection Regulation for Gambling CompaniesGiulio Coraggio
The General Data Protection Regulation is a massive change for both gaming and gambling operators and suppliers, also introducing sanctions up to 4% of the global turnover of the breaching entity for privacy breaches.
MyComplianceOffice presents our Oct 26th webinar, “ Prepare Your Firm for GDPR", co-hosted by MCO and Emily Mahoney a Technology Lawyer at Mason Hayes & Curran
GDPR – what does it mean for charities and what you need to consider - Iain P...m-hance
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, The European Council and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). EU members have until May 2018 to ensure that they are fully compliant with the new regulation. Regardless of Brexit, organisations in the UK that collect and use personal data will need to comply. In this slide deck Iain gives an overview of GDPR, what the requirements mean for charities and what charities need to consider to be compliant
For more information visit https://www.brightpay.co.uk
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How to prepare for GDPR
How we are working to help you
Introduction to EU General Data Protection Regulation: Planning, Implementat...Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data. The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
This breakfast club focused on the new Data Protection regime covering what the new regime will entail and what to be thinking about now in order to be ready for the new regulations.
https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
Introduction to EU General Data Protection Regulation: Planning, Implementati...Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data.The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-eu-general-data-protection-regulation-planning-implementation-and-compliance-2021/
General Data Protection Regulation (GDPR) for Identity ArchitectsWSO2
https://wso2.com/solutions/regulatory-compliance/gdpr/
The EU General Data Protection Regulation (GDPR) has many identity architects uniquely positioned to help their organizations to comply with the ruling.
Effective from 25th May 2018, the regulation 2016/679 of the European parliament and of the council, replaces the Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe. It aims to protect and empower all EU residents' data privacy and to reshape the way organizations across the region approach data privacy. GDPR is also quite prominent due to the heavy penalties introduced for violators — which could be as much as 4% of the annual global turnover or €20 million (whichever is greater).
In this webinar we will discuss all technical aspects of the regulation and what steps you as an identity architect can take to ensure that your security strategy is primed for GDPR.
For more information visit https://www.brightpay.co.uk
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How to prepare for GDPR
How we are working to help you
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
Slideshow from GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Directors, IT Directors & Ops Directors, on 7th March 2018 at Hilton Puckrup Hall
Gdpr demystified - making sense of the regulationJames Mulhern
Slightly out dated introduction to GDPR, that tries to move away from the headlines on fines and emphasises the global nature of the regulation, the numerous forms of lawful processing and the absolute need to manage privacy and be transparent. Goes on to show how using public cloud can help solve part of the problem.
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersSpain-Holiday.com
What is GDPR? As a holiday rental property owner, Airbnb host or holiday rental agent, why does it matter to you?
You don't need to work at a large internet company like Facebook, Google or Amazon to be affected, or responsible for data protection.
As part of the travel & tourism industry, you probably have personal data on your guests such as name and email address at the very least. You may also have highly sensitive data such as financial details, date of birth and passport details.
The introduction of the new privacy regulation called the GENERAL DATA PROTECTION REGULATION, or GDPR, comes into effect from 25th May 2018.
This webinar aims to help you understand what your obligation in how you deal with the data from the customers, the penalties and risks for non-compliance and, most importantly, a step by step roadmap to becoming GDPR compliant as a small business owner in the holiday rental industry.
Alongside tips and practical advice, the webinar will explore the opportunities that the introduction of the new data protection law can have for you in the travel & tourism industry.
The presentation agenda will cover:
Introduction and overview to GDPR
GDPR and the Holiday Rental Industry
GDPR and You - Responsibilities, risks and benefits
Roadmap to GDPR compliance
GDPR applies to all businesses and organisations, big or small, offering products or services to citizens in the EU. Show your customers that you are committed to treating their personal data with respect and consideration by understanding how to become GDPR-ready for 25th May 2018.
On 25 May 2018 the new General Data Protection Regulation (GDPR) will come into force, replacing all existing data protection regulations.
Payroll bureaus process large amounts of personal data in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
BrightPay hosted a free CPD accredited webinar alongside Bright Contracts where we discussed everything that accountants, bookkeepers and payroll bureaus need to know about GDPR.
For more information visit https://www.brightpay.co.uk
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about the how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
Similar to An introduction to data protection - 2/09/2015 (20)
Checkout Abandonment - CRO School by Mailmodosaba771143
Fear of abandonment’ means a whole different thing in eCommerce.
Because the loss is tangible. And felt right in your pocket.
But that also means there are real things you could fix.
One of the final stages of shopping abandonment occurs is the checkout page.
Which means it impacts your bottom line directly.
So here’s a rundown of:
→ Reasons shoppers abandon the checkout process
→ How other brands cope with these issues
→ Actionables to fix your checkout flow
Do it right, and you’ll feel the change in your revenue.
This is a part of our CRO School series - to help you fix the revenue leaks in your eCommerce store.
Sign up for CRO School and get these insights right in your inbox
(Visit the link to enroll ->https://www.mailmodo.com/cro-school/?utm_source=cro-school&utm_medium=slideshare )
#ecommerce
#cro
#cart
#abandonement
#checkout
#email
#course
#conversion
Capstone Project: Luxury Handloom Saree Brand
As part of my college project, I applied my learning in brand strategy to create a comprehensive project for a luxury handloom saree brand. Key aspects of this project included:
- *Competitor Analysis:* Conducted in-depth competitor analysis to identify market position and differentiation opportunities.
- *Target Audience:* Defined and segmented the target audience to tailor brand messages effectively.
- *Brand Strategy:* Developed a detailed brand strategy to enhance market presence and appeal.
- *Brand Perception:* Analyzed and shaped the brand perception to align with luxury and heritage values.
- *Brand Ladder:* Created a brand ladder to outline the brand's core values, benefits, and attributes.
- *Brand Architecture:* Established a cohesive brand architecture to ensure consistency across all brand touchpoints.
This project helped me gain practical experience in brand strategy, from research and analysis to strategic planning and implementation.
Enhancing a Luxury Furniture E-commerce Store with Expert Shopify ManagementSunTec India
SunTec India's expertise in Shopify store management has been a game-changer for a luxury furniture e-commerce business. Through meticulous optimization of product listings, strategic SEO practices, and an enhanced user experience, this case study details the successful outcomes of their collaboration, including increased traffic, higher conversion rates, and stronger brand presence.
Read more- https://shorturl.at/yl3MU
Mastering Dynamic Web Designing A Comprehensive Guide.pdfIbrandizer
Dynamic Web Designing involves creating interactive and adaptable web pages that respond to user input and change dynamically, enhancing user experience with real-time data, animations, and personalized content tailored to individual preferences.
Come learn how YOU can Animate and Illuminate the World with Generative AI's Explosive Power. Come sit in the driver's seat and learn to harness this great technology.
janani Digital Marketer|Digital Marketing consultant|Marketing Promotion|Coim...janudm24
Myself Janani Digital marketing consultant located in coimbatore I offer all kinds of digital marketing services for your business requirements such as SEO SMO SMM SMO CAMPAIGNS content writing web design for all your business needs with affordable cost
Digital Marketing Services | Techvolt Software :
Digital Marketing is a latest method of Marketing techniques widely used across the Globe. Digital Marketing is an online marketing technique and methods used for all products and services through Search Engine and Social media advertisements. Previously the marketing techniques were used without using the internet via direct and indirect marketing strategies such as advertising through Telemarketing,Newspapers,Televisions,Posters etc.
List of Services offered in Digital Marketing |Techvolt Software :
Techvolt Software offers best Digital Marketing services for promoting your products and services through online platform on the below methods of Digital marketing
1. Search Engine Optimization (SEO)
2. Search Engine Marketing (SEM)
3. Social Media Optimization (SMO)
4. Social Media Marketing (SMM)
5. Campaigns
Importance | Need of Digital Marketing (Online Promotions) :
1. Quick Promotions through Online
2. Generation of More leads and Business Enquiries via Search Engine and Social Media Platform
3. Latest Technology development vs Business promotions
4. Creation of Social Branding
5. Promotion with less investment
Benefits Digital Marketing Services at Techvolt software :
1. Services offered with Affordable cost
2. Free Content writing
3. Free Dynamic Website design*
4. Best combo offers on website Hosting,design along with digital marketing services
5. Assured Lead Generation through Search Engine and Social Media
6. Online Maintenance Support
Free Website + Digital Marketing Services
Techvolt Software offers Free website design for all customer and clients who is availing the digital marketing services for a minimum period of 6 months.
With Regards
Janani Digital Marketer
Coimbatore,Tamilnadu.
Dive deep into the cutting-edge strategies we're employing to revolutionize our web presence in the age of AI-driven search. As Gen Z reshapes the digital realm, discover how we can bridge the generational divide. Unlock the synergistic power of PPC, social media, and SEO, driving unparalleled revenues for our projects.
How to Use AI to Write a High-Quality Article that Ranksminatamang0021
In the world of content creation, many AI bloggers have drifted away from their original vision, resulting in low-quality articles that search engines overlook. Don't let that happen to you! Join us to discover how to leverage AI tools effectively to craft high-quality content that not only captures your audience's attention but also ranks well on search engines.
Disclaimer: Some of the prompts mentioned here are the examples of Matt Diggity. Please use it as reference and make your own custom prompts.
The Forgotten Secret Weapon of Digital Marketing: Email
Digital marketing is a rapidly changing, ever evolving industry--Influencers, Threads, X, AI, etc. But one of the most effective digital marketing tools is also one of the oldest: Email. Find out from two Houston-based digital experts how to maximize your results from email.
Key Takeaways:
Email has the best ROI of any digital tactic
It can be used at any stage of the customer journey
It is increasingly important as the cookie-less future gets closer and closer
Short video marketing has sweeped the nation and is the fastest way to build an online brand on social media in 2024. In this session you will learn:- What is short video marketing- Which platforms work best for your business- Content strategies that are on brand for your business- How to sell organically without paying for ads.
In the digital age, businesses are inundated with tools promising to streamline operations, enhance creativity, and boost productivity. Yet, the true key to digital transformation lies not in the accumulation of tools but in strategically integrating the right AI solutions to revolutionize workflows. Join Jordache, an experienced entrepreneur, tech strategist and AI consultant, as he explores essential AI tools across three critical categories—Ideation, Creation, and Operations—that can reshape the way your business creates, operates, and scales.This talk will guide you through the practicalities of selecting and effectively using AI tools that go beyond the basics of today’s popular tools like ChatGPT, Claude, Gemini, Midjourney, or Dall-E. For each category of tools, Jordache will address three crucial questions: What is each tool? Why is each one valuable to you as a business leader? How can you start using it in your workflow? This approach will not only clarify the role of these tools but also highlight their strategic value, making it perfect for business leaders ready to make informed decisions about integrating AI into their workflows.
Key Takeaways:
>> Strategic Selection and Integration: Understand how to select AI tools that align with your business goals and how to conceptually integrate them into your workflows to enhance efficiency and innovation.
>> Understanding AI Tool Categories: Gain a deeper understanding of how AI tools can be leveraged in the areas of ideation, creation, and operation—transforming each aspect of your business.
>> Practical Starting Points: Learn how you can start using these tools in your business with practical tips on initial steps and integration ideas.
>> Future-Proofing Your Business: Discover how staying informed about and utilizing the latest AI tools and strategies can keep your business competitive in a rapidly evolving digital landscape.
Videos are more engaging, more memorable, and more popular than any other type of content out there. That’s why it’s estimated that 82% of consumer traffic will come from videos by 2025.
And with videos evolving from landscape to portrait and experts promoting shorter clips, one thing remains constant – our brains LOVE videos.
So is there science behind what makes people absolutely irresistible on camera?
The answer: definitely yes.
In this jam-packed session with Stephanie Garcia, you’ll get your hands on a steal-worthy guide that uncovers the art and science to being irresistible on camera. From body language to words that convert, she’ll show you how to captivate on command so that viewers are excited and ready to take action.
Most small businesses struggle to see marketing results. In this session, we will eliminate any confusion about what to do next, solving your marketing problems so your business can thrive. You’ll learn how to create a foundational marketing OS (operating system) based on neuroscience and backed by real-world results. You’ll be taught how to develop deep customer connections, and how to have your CRM dynamically segment and sell at any stage in the customer’s journey. By the end of the session, you’ll remove confusion and chaos and replace it with clarity and confidence for long-term marketing success.
Key Takeaways:
• Uncover the power of a foundational marketing system that dynamically communicates with prospects and customers on autopilot.
• Harness neuroscience and Tribal Alignment to transform your communication strategies, turning potential clients into fans and those fans into loyal customers.
• Discover the art of automated segmentation, pinpointing your most lucrative customers and identifying the optimal moments for successful conversions.
• Streamline your business with a content production plan that eliminates guesswork, wasted time, and money.
1. Wednesday 2 September 2015, DMA House, London
James Milligan, Solicitor, DMA
@DMA_UK #dmadata
An introduction to data protection
2. Agenda
9.00 am Registration
9:30 am Welcome and Why is data protection important?
9.35 am Understanding the law
The Data Protection Act 1998
Key terms
8 Principles
10.20 am Break
10.40 am Understanding the law
The Privacy and Electronic Communications Regulation 2003
Key rules
Key points
11.30 am Practical tips for marketers
11.50 am Summary and questions
12.00 pm Close
3. Why is it important?
• It helps us to protect information about ourselves and others
• It helps us avoid damage to the reputation of our organisation
• It makes good business sense – it can increase efficiency and
effectiveness
• It helps us avoid enforcement action by the Information
Commissioner
– both employers and employees can be prosecuted
– companies can face a monetary penalty of up to £500,000
for major breaches
10. Understanding the law - DPA
• Data Protection Act 1998 (DPA)
– Came into force 1 March 2000
– Replaced 1984 Act
– Covers doing anything with data
– Applies electronic records and some manual records
11. Key terms
• Personal data
– any data that can be used to identify a living individual
– Examples of personal data can include:
• Name and address
• Email address (even business email addresses if they are non generic)
• Name and telephone number
• Photographs
– Only personal data is protected by the DPA
• Sensitive personal data
– any data relating to:
• Health
• Race or ethnic origin
• Political opinions
• Religious beliefs
• Trade union membership
• Sex life
• Criminal proceedings or convictions
12. Key terms
• Processing
– obtaining, recording or holding information or carrying out any
operation on the information including
• Organising
• Adapting
• Retrieving
• Disclosing
• Blocking
• Destroying
• Data subject
– a living identifiable individual to whom the personal data relates
13. Key terms
• Data controller
- Determines how data will be used
- Usually owns or rents the data (may be done by 3rd party on their
behalf)
- Required to notify (register) as a controller with the ICO
- May be fined by ICO if any data breaches arise
• Data processor
- Processes data on behalf of controller or other processor
- Processing can be anything from data storage to
advanced data manipulation and modelling
- Includes companies that manage / broker / collect data on
behalf of others
14. Determining whether data controller or
data processor
• Look at activities each party is carrying out
• Data Controller – over-arching decisions
• Data Processor – freedom to use technical knowledge
• If both parties working well together and dealing with data protection
compliance – no real issues
• Important to determine for when things go wrong e.g. data breach
• Establish roles and responsibilities before work starts
• Obligations of both parties under DPA 1998
• Need for operational guidance behind data processing contract
• Remember that a data processor will also be a data controller in
respect of own employees.
15. The 8 principles
• Fairly and lawfully collected
• Processed for specified and limited purposes
• Adequate, relevant and not excessive
• Accurate and kept up to date
• Not kept for longer than necessary
• Processed in accordance with Individuals’ rights
• Security – appropriate technical and organisational measures
• Not transferred outside the European Economic Area (EEA)
unless adequate protections are in place
• (EEA: The 28 member states of the EU, plus Iceland,
Liechtenstein and Norway)
16. Principle 1: Fairly and lawfully collected
• Fair processing information provided
• Organisation’s identity given
• Purpose of collection made clear
• Further information necessary
• Correct permissions obtained
- Implied consent: opt-out mechanism provided
- Express consent: opt-in mechanism provided
• Sensitive personal data only captured if strictly necessary
17. Principle 2: Processed for limited
purposes
• Only process data for the purpose(s) you told the individual
• Make the purpose(s) clear at the point of data collection
• Change of circumstances – what happens to the data then?
• Subsequent use of data for direct marketing purposes
• Data cleansing – regular and ad hoc
18. Principle 3: Adequate, relevant and
not excessive
• Minimum amount of information required
• Additional information for specific individuals
• Collect data that you will use now
• Collection of data that ‘may be useful’ in the future is
not permitted
19. Principle 4: Accurate and kept up to
date
• Take reasonable steps to ensure accuracy (but what
is ‘reasonable’?)
• Ensure data is not incorrect or misleading
• Undertake regular data cleansing
• Clean data against the relevant preference service
files and other appropriate cleansing files
20. Principle 5: Not kept for longer than
necessary
• Keep for as long as purpose collected for
• Suppression lists
21. Principle 6: Processed in accordance
with the right of data subjects
• Subject access requests
• ‘Where did you get my data from?’
• Right to prevent direct marketing
• Customer service / legally required communications –
no opt-out provision required
• Right to have inaccurate data corrected
22. Principle 7: Technological and
organisational security
• Data security must be appropriate – take account of:
– Current state of technological development
– Cost of implementing security measures
– Potential harm that could result from a data breach
– Nature of data to be protected – non/sensitive?
• Need for risk assessment and risk management techniques
• Record your findings and assessments
23. Principle 7: Technological and
organisational security
• Ensure adequate organisational data security measures
• Prevent unauthorised as well as unlawful processing or disclosure of data
• Security measures by data controller and data processor
• Data processing and transfer agreements in place
• Staff training
• Data access on a ‘need to know’ basis – individual log-ins only
• Secure disposal of data – internally/externally - keep records
24. Principle 8: Processed within the EEA
unless adequate protection in place
• Data can be freely transferred within the EEA (providing
data transfer agreements are in place)
• Do not transfer data unless the country (destination and
countries data is routed via) have an adequate level of
data protection
• Need to inform individuals before transferring their data
outside the EEA but do not need their consent
25. Understanding the law - PECR
• Privacy and Electronic Communications Regulations 2003
(PECR)
– Came into force 11 December 2003
– Covers electronic communications – email, telephone,
SMS
26.
27. Nuisance calls
• 2013 2 parliamentary inquiries
– All Party Parliamentary Group on Nuisance Calls
– Commons Select Committee on Culture Media and Sport
• 2014 Government Published Nuisance Call Action Plan
• Which? Taskforce on Consent
• Govt. consultation end of 2014 on lowering threshold
– Need for significant damage and distress
– 3 options in consultation paper
• Option 1- do nothing
• Option 2 – annoyance, inconvenience or anxiety
• Option 3- remove existing legal threshold
– Govt. opted for option 3
28. Nuisance calls
• Threshold may have been removed but still have to
prove serious contravention and criminal
negligence on the part of the organisation
• In force since April 6 2015 – applies to activities
after this date
• 2015 Budget – £ 3.5 million to be invested in ways
to protect vulnerable consumers from nuisance
calls
29. Key rules
• Sender must not conceal their identity
• Communication must have valid address where opt-outs can
be sent
• Opt-in required for individuals (B2C)
• Soft opt-in/existing customer exemption – available:
– When you are collecting the address/mobile number in the
sale or negotiations for the sale of a product or service;
– You only send communications about similar products and
services;
– You provided an opportunity at time of collection to opt-out.
30. Key points
• Existing customer exemption: Not an excuse for unsolicited contact
where correct permissions were never obtained
• B2B – Opt-out and marketing message needs to directly relate to the
work they do.
• Subject headers in emails must be clear and accurate
• Free and simple-to-use opt-out method must always be provided
• Action unsubscribe requests promptly – add to internal suppression
file
• Maintain different flags for different types of communication – helps to
avoid general opt-outs for all channels
31. Practical tips for marketers
• Data capture forms
• Marketing permissions
• Sourcing data
• Regaining lost permission
32. Data capture forms
• Key information to include;
– Why the data is being requested
– What the data will be used for
– Provision of an opt-in/out for marketing
– Marketing channels to be used
– Link to privacy policy
• Key information to include in privacy policy
– How the data subject can opt-out of marketing
– If the data will be processed outside the EEA
– How long the data will be kept for
– How to make a subject access request
– How to make a complaint regarding use of data
33. Marketing permissions
Own marketing 3rd party marketing Own marketing 3rd party marketing
Mail opt-out
opt-out (MPS
screening) opt-out opt-out
Telephone opt-out
opt-out (TPS
screening) opt-out
opt-out (TPS/ CTPS
screening)
Email
opt-in/ soft opt-
in opt-in
opt-in (unless
corporate
subscriber
exemption)
opt-in (unless
corporate subscriber
exemption)
SMS
opt-in/ soft opt-
in opt-in opt-in opt-in
Fax opt-in opt-in opt-out
opt-out (FPS
screening)
B2C B2B
34. Sourcing data/due diligence
• Who compiled the list? When? Has it been
amended or updated since?
• When was consent obtained?
• Who obtained consent and what was the context?
• Was it opt-in or opt-out?
• Was information provided clearly and intelligibly?
How was it provided?
• Did it list organisations by name, by description, or
any third party?
35. Regaining lost permissions
• Why was permission lost:
– Poor customer service?
– Poor communications timing?
– Inappropriate offers?
– In-house technical issues – permissions not recorded on
CRM system
• Revalidation exercise – obtaining up-to-date data
• Can very occasionally include request regarding marketing
update in a service message providing it is a minor part of the
message
• If you have only lost permission for certain channels, contact
via another channel to update permissions