Data Protection Changes – Winter is Coming

Some major changes to Data Protection are being discussed within the EU that could impact every business. We want you to understand that ‘Winter is Coming’.




To give some background, our marketing automation software – Websand – helps businesses to get the most from the customer data they collect; to increase customer loyalty, improve customer retention and generally make the process of email marketing much easier. As a result, understanding the future changes in data protection are really important to us and should be to you too.



In our opinion the more relevant you can be with your marketing then the better business will be. If you do this, you’ll be in decent shape to handle the upcoming changes to data protection.


Winter is Coming

The characters in Game of Thrones often say ‘Winter is coming’. It’s not yet been explained exactly what it means but it always sounds a bit ominous.


If you are a business that collects data in any shape or form from your customers, then a change is coming, and like the last season of Game of Thrones is likely to arrive in 2017.


Data Protection Act 1998

The last major change to data protection legislation was in 1998. At the time, junk mail and ‘cold’ telephone calling was the main issue of the day.


In 1998, mobile phones were Eriksson or Nokia. Apple was still more famous as a fruit. The internet was a dial-up thing, rather than all powerful 4G-linking-everything thing. Social Media was watching the TV in the pub and pausing live TV was simply unimaginable. It was so long ago, Newcastle United actually tried to win the FA cup.


That was a long time ago, a lot has changed since


2015 – the year of reckoning for Data Protection Legislation?

Changes are being discussed within the EU that will change the way that businesses are able to collect and use the information they collect from their customers.



The changes have been through the ‘first’ round and are close to being formally agreed. These things take time, however, according to the DMA (Direct Marketing Association), 2015 will be the year of reckoning.



The basic outline of the data protection changes are ‘passed’ however, specifics are still to be formalised. The full changes to data protection legislation are likely to be agreed this Winter (Winter is coming!) and the changes would become UK law in 2017.


We have been following the progress of the changes through our membership of the DMA (you can too – see here)


EU Data Protection Changes

Here is a summary of the possible changes.



Focus on explicit marketing consent

Following on from recent issues such as the John Lewis opt in case and the Better Together SMS scandal during the Scottish Referendum case, the changes in data protection will focus on the explicit opt in by an individual to receive marketing communications from a business.



This means that you will need to be able to prove that prospects had opted in to receive marketing information.



It is also expected that this will also apply to marketing to existing customers. You are likely to require ‘regular’ confirmation from your customers that they wish to continue to receive marketing messages from your business.



The description of what time period the term ‘regular’ means from a B2C and a B2B context is an area of discussion and major concern.


The end of analytics?

This is a biggie. The current EU proposal looks to reclassify internet users’ IP addresses as private information and therefore inaccessible to marketers, leaving your analytics tools with only the most basic of information.



Following that potential game changer. Explicit consent is also expected to be required for the use of customer information collected for future marketing communications.



The specifics of how this will work are not yet clear, but significant changes to how data driven businesses operate are likely.


Increased administration

More management and control of data will be enforced on businesses. This will mean that new systems and procedures will need to be adopted to be data protection compliant.


Data protection officers will be required for businesses with over 250 employees.



Free data access requests. If you want to get all the information a business has on you, then you will be able to ask for it. No fee can be charged and you will need to receive it back within a ‘reasonable’ timeframe (tbc).


Right to be forgotten

This is not as straight forward as you think. Deleting data is not the answer, but that is what is expected. For example, if you’d like to be forgotten on Google, then you need to fill out a form. However, in order to be forgotten, Google needs to track your information. So you would be forgotten on the outside (the search engine bit) but not on the inside as the ‘system’ needs to manage your ‘forget me’ request.


Penalties

If you don’t comply then you will be punished!



If you are found to break the regulations, then a maximum fine of either 1 million Euros or 2% of annual turnover will apply.



Those affected will also have a right to compensation as a result of ‘damage’ caused. So data protection changes could result in a claims culture being created (the next PPI?)




Marketing to minors

Marketing to minors will be more regulated. Parental consent will be required for marketing to under 18’s, and perhaps more prominently online marketing banned for under 13.



Shifting sands

.

It’s Election time, so what the politicians say will be important. For example, what would an opt out from the EU mean in regards to the expected changes. Perhaps surprisingly Data protection hasn’t yet become a political ‘hot potato’ but it is appearing on manifestos, such as the Liberal Democrats suggested Digital Rights Bill




Nick Clegg has said;

“The way in which we work, socialise, buy products and use services has changed at lightning speed since the digital revolution. However government and politicians have responded at snail’s pace, and failed to ensure the rights of consumers, businesses, journalists and children are protected in the online world. “Our Digital Rights Bill will finally enshrine into law our rights as citizens of this country to privacy, to stop information about us being abused online, and to protect our right to freedom of speech.”


In summary

The objective of these changes are to provide transparency to the general public about how the information they share is used by business. This is a good thing. However the changes need to be balanced, easy to understand for both the general public and business alike.



Overall, if a business is open and treats the data it collects about customers with respect, and uses this information in a relevant, personalised way to its customers. The outcome is usually a respected growing business with loyalty customers.



Perhaps that is what the data protection changes are looking to legislate. I hope they are able to do this, but it will be incredibly difficult process. So we can expect a little chaos is likely before common sense prevails across the (former) common market.



You have our permission to share this information. If you want any help about improving your marketing and making sure that you can handle these future changes please get in touch.