
Digital Marketing Solutions Summit | Forum Events

Posts Tagged: GDPR

OPINION: Don’t rip up the UK’s data privacy rules

A major announcement earlier this month by the former Digital Secretary Oliver Dowden of a consultation on overhauling current data legislation has been questioned by a leading expert in data privacy regulation. Privacy expert Nigel Jones, Co-Founder of the Privacy Compliance Hub and ex-head of legal for Google in EMEA, urges against ripping up the UK’s privacy rules…

The stated aim of the consultation is to drive greater innovation and growth in the UK’s data sector and better protect the public from major data threats.   However, there are a number of issues with the announcement. While I broadly welcome some aspects of the consultation, there is actually little by way of explanation in the announcement as to why the UK’s current data rules and regulations are insufficient to enable all these things to be addressed without the planned reforms.

The stated aims of the proposed reforms – to boost international trade; reduce burdens on business; deliver better public services; drive economic growth; boost innovation including reducing barriers to responsible innovation; protect the public; and strengthen public trust in use of data – are ones that most organisations – as well as the general public – would agree with.

However, my view is that there is little, if anything, in the current legal framework that is stopping the UK from executing the aims of this consultation now, and there is insufficient detail in last week’s announcement to explain why such a consultation is necessary. Changes to the current agreement may threaten the very important adequacy decision that the UK has with the EU.

The announcement last week contains many references to science, healthcare and research and how the use of data in these areas needs to be simplified. It is unclear what the Government feels is wrong with the current rules as they apply to science, healthcare and research. It refers to advances made by Moorfields Eye Hospital and University College London in identifying eye disease by making use of AI, but those advances were successfully made under the current data framework using the power of Google DeepMind. What exactly do they think is wrong with the status quo?

The announcement also claims that there are plans to impose tougher penalties and fines for nuisance calls and text messages. My view is that there is nothing in the announcement that explains why this is necessary as current penalties are already very stringent. Under the UK GDPR, the current maximum fine is already up to £17.5 million or 4% of worldwide turnover – and this is sufficient deterrent.

The announcement refers to disproportionate burdens for compliance on many organisations. While it is logical for the announcement to claim that a hairdresser shouldn’t have the same data protection processes as a multimillion pound tech firm, this ignores the fact that the current regime doesn’t require a hairdresser to have the same processes as Facebook. Also, how many hairdressers do we hear complaining about the burdens that the current UK data framework places on their business?

The consultation states that a shakeup of the Information Commissioner’s Office (ICO) is proposed, to include an independent board and chief executive.

The tenure of Elizabeth Denham, the current Information Commissioner, comes to an end this year.  She has come in for criticism during her time in charge from those that feel that, as a heavily funded regulator, the ICO should be able to achieve much more, especially in the area of enforcement.  Perhaps the government feels that by taking power away from the Commissioner and putting it in the hands of an independent board which it can appoint, it will be able to ‘take back control’ of data regulation.

However, I’m very much in favour of the statement in last week’s press release that the government plans to “replace box ticking with common sense.”

We couldn’t agree more. Data protection has never been about box ticking and it never should be. It is about creating a culture of continuous compliance and we take great heart from the government’s apparent enthusiasm for what it calls ‘Privacy Management Programmes’. All companies that process data should build a culture using such a Privacy Management Programme which makes all its staff understand privacy, care about it and do their bit to use data wisely and securely.

I also agree with the aim outlined in the plan to mitigate the risk of bias in algorithmic systems. This is a hugely important objective but it will be interesting to see how the government proposes to improve the current framework which exists under the UK GDPR.

It is intriguing that the government feels that the UK’s current data legislation is in some way holding the country back in areas such as international trade, public services, innovation, research, healthcare and hairdressing.  While of course any improvements in these areas are to be welcomed, we should bear in mind that the current rules are based upon a framework that has been in place for a very long time and that those rules already allow for much flexibility.

The government should make changes at its peril, and be careful to make sure that any planned amendments don’t threaten the very important adequacy decision that we have in place with the EU, our largest trading partner.  In our view, it would be better to make use of the existing flexibility we have than to suggest ripping up existing rules and starting again.

GDPR fines hit nearly 300m euros in three years

The General Data Protection Regulation (GDPR) was implemented in the EU three years ago on May 25th. This legislation aimed to give the residents of the EU more control over their data and privacy.

According to recent findings from the Atlas VPN team, the cumulative sum of GDPR fines imposed across EU countries over the past three years has reached €283,673,083, from a total of 648 penalties against organizations violating the data protection law.

The biggest GDPR fine so far was issued in January 2019. The French regulator CNIL fined Google €50 million for failing to provide transparent information on its consent policies and the way it handles ad personalization.

After that, another massive increase in penalties happened between October 2019 and January 2020. Thus, since the start of GDPR, organizations have been fined a total of €100,711,612 due to 167 violations.

In 2020, from July to October, there was a significant increase in the sum of fines. This was because 3 of the 5 largest penalties of all time were issued in October.

William Sword, cybersecurity writer and researcher at Atlas VPN, said: “GDPR has empowered EU citizens to be more actively involved in what is happening with their data and understand their privacy rights. As for organizations, complying with data protection rules will create a more trustworthy environment between them and consumers.”

GDPR violations in specific countries

Privacy regulators in each country have been closely monitoring companies to make sure that people’s data is handled responsibly.

Italy has assessed the most significant sum of fines over three years: €76,271,601. So far, organizations in Italy have been penalized a total of 77 times.

France takes second place with €54,661,300 in fines. The largest part of that amount came from the previously mentioned Google fine.

In third place sits Germany, where GDPR violations have cost companies €49,186,833.

Even though Spain has a slightly lower total sum of fines, €29,521,410, it has had the most violations. More than one-third of all GDPR penalties (230) were imposed in Spain.

Two-thirds of consumers ‘Don’t understand how their data is used’

Over half (58%) of consumers want long term relationships with brands, but 33% saw irrelevant retail offers as the biggest marketing mistakes, indicating a personalisation disconnect.

That’s according to the latest APEX report from Valitor, which reveals the key marketing challenges brands will face in using customer data to build relationships.

The study also found that almost half (48%) of consumers think that when it comes to relationship ‘building’, all they see after-sale are spam emails.

In fact, it seems personalisation across the board does not meet expectations. 68% do not know how their data is being used by brands. Valitor says this knowledge gap, combined with the implementation of GDPR and the ongoing discussions of data being used in political discussions, has spiked consumer interest in data use and privacy.

However, while interest has increased, the actual use of data by brands is creating uncertainty, confusion and setting unachievable expectations about the sort of interactions customers should expect. 

Halldór Lúðvígsson, Managing Director, Omni-channel solutions at Valitor, said: “The latest APEX report reveals that consumers want a long term relationship with brands, which is clearly an opportunity that needs to be pursued. To succeed in establishing relationships, brands need to show customers that by having their data, they are able to create the long term value they crave. Currently, though many consumers feel brands’ efforts are missing the mark, which is risking weakening customer retention.”

The good news for brands, however, is that consumers are still happy to provide them with personal data, as long as it is used in the right way. In fact, 75% of consumers are comfortable with the concept of a brand holding personal information in order to improve the services and relationship. Consumers also revealed that they are most willing to share email addresses (42%), followed by clothing size (29%). But in order to keep consumers happy, brands need to ensure that they use this data wisely if they are to encourage the sharing of more types of information. 

Meanwhile, the outdated practice of getting data and then taking a “spray and pray approach” has clearly had negative effects on consumers. For example, over a third (34%) of consumers say that they have been made to feel like a brand no longer wants to impress them once they have parted with their money. Another third (33%) aren’t convinced brands still care about them after the sale is done, while a quarter (25%) highlight the fact that occasional offers are not the same as a proper customer service relationship.

Other key report findings:

  • The 18-35 age group is far more confident in their understanding of how brands use their data (18-25 were 40%; 26-35 were 43%) compared to the 66+ age group (19%).
  • 44% of consumers take notice of marketing communications from a brand:
    • 56% take notice of emails 
    • 46% notice free samples/trials 
  • 52% of 18-25 year olds – the highest proportion of all age groups (and the emerging customer base for many brands) – are receptive to messaging from brands.
  • The oldest consumers, 56-65 and 66+, are the least likely to pay attention to brand marketing.

Download the full report here.

A how-to guide to Legitimate Interest Assessments

As a business, you need to market your services beyond your own walls. However, you’re aware that you also need to comply with GDPR and PECR.

Many businesses are unsure how to apply Legitimate Interest for multichannel communications. Our new guide will help you to plan outreach campaigns that meet your personal data obligations.

So what exactly is Legitimate Interest, when can you use it, and how can you actually apply it?

Download the guide to read:

  • When you can use Legitimate Interest
  • Examples of Legitimate Interest
  • The 3 stages of Legitimate Interest Assessments (LIAs)
  • Tips to remember
  • Bonus: Free Legitimate Interest Assessment Template

Legitimate Interest can be a great option for some businesses, but you need to follow the proper steps to protect yourself, your business, and the rights of your data subjects. You will need to demonstrate that your interests are not overridden by the interests of the individuals in question. And you do that by carrying out a Legitimate Interest Assessment.

If you would like to discuss LIAs – or the GDPR at large – in more detail, and how the Regulations relate to your campaigns, please contact Nigel Copp at KPM Group. 

A how-to guide to Legitimate Interest Assessments

As a business, you need to market your services beyond your own walls. However, you’re also aware that you need to comply with GDPR… and PECR!

So how can you balance getting the word out, while also meeting personal data obligations?

There are six lawful bases set out in the GDPR to justify the processing of personal data – Legitimate Interest being one of them. But many businesses are unsure how to apply it for business to business (b2b) marketing communications.

So what exactly is Legitimate Interest, when can you use it, and how can you actually do it?

Download the guide to read:

  • When you can use Legitimate Interest
  • Examples of Legitimate Interest
  • The 3 stages of Legitimate Interest Assessments (LIAs)
  • Tips to remember
  • Bonus: Free Legitimate Interest Assessment Template

Legitimate Interest can be a great option for some businesses, but you need to follow the proper steps to protect yourself, your business, and the rights of your data subjects. You will need to demonstrate that your interests are not overridden by the interests of the individuals in question. And you do that by carrying out a Legitimate Interest Assessment.

If you would like to discuss LIAs – or the GDPR at large – in more detail, and how the Regulations relate to your campaigns, please contact Nigel Copp at KPM Group. 

Build trust with direct mail

By KPM Group

The introduction of GDPR has undeniably made life a little more difficult from a marketing (and particularly a digital marketing) perspective. And while most organisations are taking steps towards compliance, many still have a long way to go.

It’s not a consistent story; on average “UK marketers consider their organisations to be just over 82% compliant with GDPR” – with a fifth even claiming 100% compliance.

However, on the retail side, GDPR is being met with some resistance due to the cost of compliance, and a fear of losing essential data. Meanwhile, charities (who hold sensitive information and cannot risk public distrust) are faring better, but a lack of confidence is still evident across the board.

Get GDPR confident

The birth of GDPR gave rise to a greater understanding of the value of personal data, and how it can be misused. The greatest challenge for companies post-GDPR is the rebuilding of consumer trust, and the relationships that go with it.

GDPR has exposed many unwitting individuals to the scope and nature of the data held about them, so looking forward organisations must demonstrate that they can be trusted to operate ethically and fairly with the information they process, and keep subjects informed.

Within the parameters of GDPR, marketers must reconsider the most effective marketing and communication channels. So how about revisiting the old, as new?

Using direct mail to build trust

Direct mail marketing isn’t impeded by as many restrictions as email (you don’t always need consent for postal marketing), and therefore offers a legitimate way to contact customers and prospects who are otherwise unreachable.

From a trust and relationship perspective, you can use post to direct customers online and encourage opt-in consent – placing the power literally in their hands, and reinforcing their position as a valued customer.

Furthermore, mail achieves higher rates of engagement and conversion than emails, with 87% of direct mail recipients influenced to buy something online. And that’s not to the exclusion of digital marketing: a MarketReach study proved that mail primes other channels, meaning that emails and social media promotions may be better received – and remembered – if the recipient has received mail beforehand.

There is still a long way to go for companies and their handling of personal data, but looking to the future, GDPR could potentially teach businesses a great deal more about their customer base. Digital still has its place, but we’re seeing a very clear reason that postal marketing is still alive and kicking.

Find out more
Need a bit more guidance? Talk to us, make the most of mail, and get GDPR confident.

This article is abridged from KPM Group’s report, GDPR: Build Trust With Direct Mail. Read the full version here.

DMA and OneTrust offer marketers GDPR compliance tools

OneTrust and the Data & Marketing Association (DMA) have entered a strategic partnership to equip marketers with the tools, training and resources needed to successfully build, implement and scale responsible marketing programmes that comply with global privacy laws including the GDPR and CCPA.

As the DMA’s Responsible Marketing Partner, OneTrust will work with the organisation to provide software tools, training, resources and thought leadership to help marketing departments to responsibly manage, protect and administer customer data.

The GDPR and CCPA created new challenges for marketers, who must maintain compliance while delivering customised user experiences. The partnership includes supporting the “Data Privacy: An industry perspective 2019” research. This latest survey is currently open to anyone working in the data & marketing industry to share their latest views.

The partnership includes:

  • Resources & Research: OneTrust and the DMA will produce joint surveys and webinars focused on the topics most relevant to marketers, including how to comply with the GDPR and the latest regulatory amendment to the CCPA.
  • Free In-Person Workshops: OneTrust and the DMA will partner at select PrivacyConnect and MarketingConnect workshops, free, local events that equip privacy and marketing professionals to connect, share experiences, and learn the latest regulatory requirements and implementation best practices.
  • The DMA’s Data Summit: OneTrust will also headline the DMA’s Data Protection Summit, taking place on 28 February in London.

“As the industry association representing the data and marketing industry, acting responsibly while also creating engaging experiences that put customers first is a core tenet of our Code. In OneTrust we have found a partner that shares these key values and the belief in a customer-centric approach to data and privacy,” said Rachel Aldighieri, MD of the Data & Marketing Association (DMA). “The partnership will also offer added benefit to our members, offering them access to a range of additional tools, training and resources to not just comply with privacy laws, but truly put the customer at the heart of their business. Giving them a competitive advantage by developing trust through their approach to data and privacy.”

“Becoming the DMA’s Responsible Marketing Partner was a natural fit; we share a mission to equip marketers for success while maintaining compliance with the evolving regulatory environment,” said Kabir Barday, CEO and Fellow of Information Privacy (FIP), OneTrust. “We’re excited to build upon our existing partnership and launch new research and resources for marketers. Together we’re able to provide members access to the OneTrust PreferenceChoice suite of marketing compliance tools, resources, research and best practices to responsibly manage and protect customer data.”

How to ensure multichannel campaigns comply with GDPR

One year on from GDPR, what challenges does your business face in complying, or what new concerns are emerging? As marketing teams attempt to comply, many are unsure if they have everything covered, or simply if they’re doing things correctly.

This on-demand webinar will help you to ensure that your multichannel campaigns are GDPR compliant. Listen to the webinar.

Review your marketing processes, and learn:

  • When to use Legitimate Interest
  • How to complete LIAs effectively
  • Mechanisms for compliant data gathering and list building
  • Key differences between PECR and GDPR
  • When to use Opt Ins vs Opt Outs

The webinar is presented by Steve Gibson, GDPR advisor to KPM Group and a Data Security Specialist with over 20 years’ experience. You can watch the webinar on-demand at a time that suits you. Simply follow the link below and watch on our website.

Listen now on-demand

6 ways direct mail delivers, post-GDPR

By Nigel Copp, CEO at KPM Group

With GDPR in full effect, marketers are reconsidering the most effective channels to reach prospects and customers. Direct mail marketing is subject to fewer restrictions than email, and therefore offers a way to contact customers who are otherwise unreachable.

Combining direct mail with digital activity leverages the strengths of both, for a truly successful multichannel approach. Here are 6 benefits of using mail as part of your strategy post-GDPR.

  1. DIRECT MAIL DOESN’T REQUIRE OPT IN CONSENT

You don’t always need consent for postal marketing. Quoting from the ICO website, “You won’t need consent for postal marketing but you will need consent for some calls and for texts and emails under PECR.”

  2. YOU CAN USE LEGITIMATE INTEREST FOR MAIL

Legitimate interest can be used for direct mail if you show that how you use people’s data is proportionate, has a minimal privacy impact, and that people would not be surprised or likely to object.

  3. USE MAIL AS A WAY TO GAIN CONSENT

The DMA recommend postal marketing as an effective and compliant way to gain online consent. If you can no longer contact customer segments by email, use mail to encourage re-permission. Advertising mail discounts can also apply.

  4. MAIL IS MORE EFFECTIVE THAN EMAIL

Mail stands out. Mail gains higher rates of engagement and conversion than emails, with 87% of direct mail recipients influenced to buy something online. It builds trust and demonstrates that the recipient is a valued customer.

  5. UNADDRESSED MAIL DELIVERS

Create targeted mailings without using personal data. Door drops are delivered with addressed mail, enabling you to re-engage audiences that you can’t otherwise reach. Increasing in innovation and popularity, door drops stay in the home for an average of 38 days!

  6. MAIL ENCOURAGES BRAND RECOGNITION

A MarketReach study proved that mail primes other channels. This means that emails and social media promotions may be better received – and remembered – if the recipient has received mail beforehand.

And there’s more

Read KPM Group’s blog 10 Ways Direct Mail Delivers Post GDPR for even more benefits of using mail.