Last May we were faced with a ‘frenzy’ of email activity with businesses trying to get our consent to keep marketing to us. Companies we had never heard of before were asking to ‘keep in touch’ and conversely businesses who we had already given our consent to were emailing us to get re-consent, ‘just in case’!
GDPR review for marketing purposes
12 months on and it’s now a good time to review your current data processes to make sure they are GDPR compliant. You should consider the following:
- Review your current data processing and storage processes, do you need to make any changes?
- Based on the above process review, do you need to update your privacy notice on the website and in your letters of engagement and terms of business documents?
- Make sure that anyone who has ‘opted out’ of receiving marketing communications from you is taken off your marketing lists. However, you should also note on a central database or suppression file what their details are and when they unsubscribed so that no-one adds them on again (unless of course, you have their re-consent to do so).
- Before embarking on any telemarketing activities always check the recipient is not registered with the Telephone Preference Service (TPS) or the Corporate Telephone Preference Service (CTPS), or the Mail Preference Service (MPS) if you intend to send them a marketing mailing.
- Make sure the process for people being able to unsubscribe/opt-out of receiving future marketing communications from you is clear and simple to do.
- Ask third party suppliers who may have access to your data for marketing purposes to confirm their processes are GDPR compliant and you are confident they are handling your data legally.
- Check your processes for obtaining and documenting consent from new clients, prospects and business contacts so they can receive future marketing communications from you.
- When gathering information for marketing purposes state what the data will be used for, e.g. to send a white paper the recipient has asked for, to subscribe to a newswire, to be contacted by your business development team, etc.
The Information Commissioner’s Office has a useful article which sets out the current GDPR and marketing requirements for businesses under the Privacy of Electronic Communication Regulations (PECR), including the use of ‘legitimate interest’ marketing.
Make way for the ePrivacy Regulations
However, making sure you are now compliant with the GDPR is vital, because on the horizon are the new ePrivacy Regulations (ePR). These are likely to come into effect later this year. They will replace the PECR, but will work hand in hand with the GDPR. So where the GDPR is concerned with the use of personal data, the ePR focuses on making sure communications are confidential and will apply to all forms of electronic communication. This will cover emails, websites, cookies, texts, apps and so on. Whether we are in or out of Europe, these regulations will still apply to UK businesses.
Further details about the ePR will be circulated on the Momentum for Professionals newswire as and when it is confirmed.
