A survey by leading UK law firm Irwin Mitchell revealed that only 34% of marketing companies were aware of the new General Data Protection Regulations which come into effect on 25th May 2018. The strict rules stipulate how all businesses are to handle their customers’ personal data and will still affect UK businesses even after Brexit. The maximum fine for a breach of data will be either €20million or 4% of global turnover, whichever is greater. Most of the companies surveyed admitted to being unaware of these new fines. Another significant find was that only 30% are certain that they would be able to detect a data breach in their organisation and only 37% would be confident that they could notify the ICO within the allotted timescale of 72 hours. And don’t forget that a data breach could range from hackers breaking into servers all the way down to sending out a letter to the wrong customer.
Most worrying was the discovery that 45% of the respondents did not believe GDPR was relevant to their businesses because they aren’t consumer facing – a common misconception which could bring about the downfall of many marketing companies. Not only does guarding personal data include employee data, payroll and pension records but if your business handles consumer data on behalf of brands – e.g. collecting entries from a prize draw or subscribers to their newsletter – you are responsible for protecting that data too, on behalf of your client.
Despite Brexit, the UK Government have confirmed that GDPR will be fully implemented in the UK along with a new E-Privacy Regulation that will replace the existing Privacy and Electronic Communications Regulation (PECR). And then there’s the Digital Economy Act 2017 that’s just got the Royal Assent and touches direct marketing with a Code of Practice overseen by the Information Commissioner’s Office (ICO). Marketers should not leave the changes required by these laws to others as they directly impact most marketing plans.
PromoVeritas invited one of Europe’s leading data protection practitioners, Ardi Kolah, to deliver an informative Breakfast Briefing aimed at explaining the impact of GDPR on the marketing industry. Ardi provides advice to the government and numerous multi-nationals and is a keynote speaker at major international events on data protection and privacy.