On 14 April 2016, the European Parliament approved the General Data Protection Regulation (GDPR) with the general consensus that it will be in place by the summer of 2018. The regulation reflects the good practice that already exists in the majority of businesses but there is a benefit in reinforcing the approach. Raising the profile of the transparent, responsible use of personal data among consumers can only help our industry to mature.
Every responsible company wants to know how we ensure that consent for direct marketing purposes is explicit and unambiguous, as required by GDPR.
Existing regulations already require this, so this simply cements good practice. Organisations now need to ensure full compliance and extend this all the way through the data supply chain.
Businesses need to cope with new pressures
Most marketers rely on third-party data to supplement their own customer records. Third-party data brokerage has been an active component of the direct marketing industry for years. But, just as retailers are obliged to use ethically sourced and manufactured goods across their supply chain, we believe the new GDPR will put organisations under a similar kind of pressure.
The emphasis will be on them to ensure that any personal data they use is fully consented and has been collected fairly and transparently at the point of origination.
Without this reassurance, the potential damage to brand and reputation will go well beyond the impact of a financial penalty. Just ask any retailer who finds out that part of his supplier network is using sweatshops in Bangladesh!
Key considerations for compliance
- Review your data capture process across your entire supply chain to validate the quality of consent and make continuous improvements.
- Ensure you have an automatic deletion process if an individual requests removal.
- Use every interaction as an opportunity to confirm and expand your customer record, with corresponding consents. This will improve the quality of knowledge across your organisation.
- Consider what data you may need in future. Start creating transparent processes to capture and validate this now. For instance, your systems may be able to capture mobile telephone numbers, but what about people’s ages or their social media identity? Your future communications strategy may depend on this information.