Skip to content
PromoVeritas
PromoVeritas
Contact Us
PromoVeritas
  • Home
  • About Us
  • What We Do and Why
  • Our Work
  • News
  • Join the Team
  • Contact

GDPR, the UK and Brexit: The Facts for Marketers

Abi Roman February 23, 2017

Recently the Direct Marketing Association revealed that a quarter of UK businesses will not be ready to meet the May 2018 deadline for changes to the way they gather, store and use data, as required by the GDPR (General Data Protection Regulation). Most of the worst delayers were branded goods makers.

Marketers appear to be unsure whether the UK’s departure from the European Union will mean it is exempt from the EU’s strict new data protection rules. So, what are the facts:

GDPR will precede the UK’s exit from the EU

Britain’s exit from the EU will take a minimum of two years from the time that Prime Minister Theresa May triggers Article 50, formally notifying the intention to withdraw from Europe. GDPR will become law in the UK in May 2018 – almost a year after the earliest time that Britain could even contemplate being free from the EU. So GDPR is totally relevant to all businesses.

The Great Repeal Bill will make most EU laws become UK law

After Article 50 is triggered all the laws and regulations made whilst the UK was part of the EU will need to be transferred into the UK statute books via the acceptance of a Great Repeal Bill to end the supremacy of EU law in the UK. This will include the GDPR, but the Bill will at its first stage simply make EU laws become UK laws and not directly change them.

The Government and the ICO have confirmed that the UK will follow GDPR

During a parliamentary question and answer session in November 2016, Karen Bradley MP, Minister for Culture, Media and Sport confirmed that the UK will formally opt in to GDPR because it will still be a member of the EU when it comes into force. And last month the head of the ICO, Information Commission, Elizabeth Denham, delivered a speech on GDPR confirming this. She said “I’m a regulator, independent of government – but they’ve made it clear that EU law will remain UK law, until the government sees fit to repeal it.”

What does this mean for marketers and promotions?

In a nutshell GET READY. Remember GDPR applies to all companies – large or small – who handle personal data on EU citizens. Those found to be breaching the rules could face a fine of up to 20 million euros or 4% of their worldwide annual turnover.  You can follow the ICO’s useful 12 step guide to preparing for GDPR here. You can also begin by making sure your promotions are compliant with the new rules. Here are some helpful tips:

1. Consent – must be clear and freely given. It must also be specific, informed and unambiguous. Do this by using clear and affirmative actions (eg a tick box) or statements to clarify that the entrant agrees. Do not use pre-ticked boxes that people can claim they did not see or understand.

2. Timing – Consent is not forever. You will need to refresh consent on a regular basis, the timing of which will depend on the buying cycle of your product

3. Cross border promotions – Any promotion targeted at any EU country must follow the GDPR, even if the promoter is not based in the EU or the promotion is ‘in the cloud’.

4. Data – If you are an agency, you should not be touching anyone’s data unless you have a signed Data Processing agreement in place. You may need to update your processes to be compliant With the growing demands of clients.

PromoVeritas has a specialist Information Security team who can assist your company to become GDPR ready. Simply contact info@promoveritas.com or call +44(0)20 3325 6000 for help with shaping and implementing compliant data processes and world class promotions.

Photo credit Fotolia
« Choosing Your 2017 Promotion Prizes: Our Top Tips PromoVeritas Awarded Information Security ISO27001 Certification »

Call us on 0203 325 6000 to find out how we can help your promotion

+44 (0)203 325 6000
info@promoveritas.com
  • Home
  • About Us
  • What We Do and Why
  • Our Work
  • News
  • Join the Team
  • Contact
Proud members of ISO-27001 Accredited Proud members of
Run it Right.
© 2023 PromoVeritas
Privacy Policy Terms of Service Website Terms & Conditions Cookies Policy
We use cookies on our website. All the cookies we use can be viewed using the Cookie Settings button. By clicking “ACCEPT” you consent to the use of all cookies. You cannot disable our essential cookies.
Do not sell my personal information.
Read More
ACCEPTCookie settings
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Essential
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

CookieTypeDurationDescription
cookielawinfo-checkbox-necessary011 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary011 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
viewed_cookie_policy011 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Non Essential

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

CookieTypeDurationDescription
_ga01 yearThis cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gat_UA-15728851-301 minuteThis is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gid01 dayThis cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
bcookie01 yearThis cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
bscookie11 year
csrftoken011 monthsThis cookie is associated with Django web development platform for python. Used to help protect the website against Cross-Site Request Forgery attacks
GPS030 minutesThis cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location
IDE11 yearUsed by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
ig_did11 year
ig_nrcb01 year
lang0This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
li_sugr02 months
lidc01 dayThis cookie is set by LinkedIn and used for routing.
lissc01 year
mid01 yearThe cookie is set by Instagram. The cookie is used to distinguish users and to show relevant content, for better user experience and security.
test_cookie011 months
u02 months
UserMatchHistory01 month
VISITOR_INFO1_LIVE15 monthsThis cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC1This cookies is set by Youtube and is used to track the views of embedded videos.
Save & Accept