On 25th May 2018 a new EU Directive on data protection comes into force and this will have an impact on the way that retailers market to potential customers. It is the most significant overhaul of data protection legislation for over 25 years and despite the UK’s decision to Brexit data protection specialists agree that UK organisations will still have to adhere to the directive.
This is because it will likely take over two years to actually exit the EU once the Prime Minster gives notice, set out by the procedures in Article 50 of the Treaty of the European Union. Consequently, the UK will still be members of the EU when GDPR comes into force and we will therefore be bound by its laws. The day we exit this will no longer be the case, but it is likely that the UK will adopt all or most of GDPR as domestic legislation.
GDPR – General Data Protection Regulation – demands an opt-in system of prospecting and non-compliance could result in severe sanctions including fines of up to four per cent of global turnover, which could run into millions for some retailers. GDPR will require retailers to send direct marketing materials only to people that have explicitly agreed to receive them. What this means is that retailers will only be allowed to market to existing customers (provided their data meets the new conditions) or prospects that give their unambiguous consent for their data to be used.
The directive also states that individuals will have a right to object to having their data processed and this right will have to be explicitly brought to their attention. Consequently, retailers will need to review their systems well in advance of the new regulation taking effect.
The major changes that GDPR will bring are:
- More rigorous requirements for obtaining consent for collecting personal data
- Raising the age of consent for collecting an individual’s data from 13 to 16 years old
- Requiring a retailer to delete data if the individual revokes consent for the company to hold the data
- Requiring an organisation to delete data if it is no longer used for the purpose it was collected
- Requiring organisations to notify the relevant data protection authority of data breaches within 72 hours of learning about the breach
- Establishment of a single national office for monitoring and handling complaints brought under the GDPR
- Increased fines for non-compliance
Retail marketers have two years to get ready for GDPR. They should be using this time to build compliant and effective databases of engaged, opted-in prospects that they can then move through the sales funnel at their leisure. Online lead generation is a quick, cost efficient and effective way for them to achieve this. It enables marketers to source high quality leads that can then be opted-in. To be successful the lead generation mechanic must tap into the value exchange. This means that the customer receives something that is valuable to them, such as the chance to win products or a money-off voucher, in return for their data. Consequently, only people that value the offer will respond which means the quality of the leads generated is high.
GDPR should be viewed as an opportunity rather than as a negative. It encourages deeper, more personal relationships with customers and a clearer data protection framework within which to operate.
Article by Phil Lightfoot, CEO, Communication Avenue