Insightful, practical, really informative and enjoyable (yes an enjoyable GDPR event!) are just a few of the positive adjectives used to describe the REaD Group GDPR breakfast briefing. With only 3 days to go until ‘G-day’ the event was very timely – and very well attended – with a room packed full of experienced and informed marketers, Agency side Account Managers and data professionals.
There is more to GDPR than Consent!
To set the scene, REaD Group CEO, Jon Cano-Lopez, kicked off proceedings by referencing the latest consent guidance from the ICO (published only a few days before the event). The first statement in the guidance reinforces that consent is often not the most appropriate legal basis for processing data under GDPR:
ICO guidance: “The GDPR sets a high standard for consent. But you often won’t need consent. If consent is difficult, look for a different lawful basis.”
So, although the GDPR presents some new hoops for marketers, data managers and compliance teams to jump through – there is more to GDPR than consent – and life will go on beyond 25th May!
The sky won’t fall in on 25th May!
Hannah Crowther, Associate at renowned law firm Bristows LLP, delivered an engaging and no-nonsense presentation packed with salient advice (she even got some laughs!). Lamenting the barrage of opt-in requests we are all experiencing, she advised caution when deciding whether to re-permission your data – in many cases it is not necessary – particularly for existing customers, members or subscribers.
Her top tips for staying on the right side of the GDPR?
- If you are embarrassed to say what you are doing with personal data you shouldn’t be doing it!
- Avoid surprising people – use the Legitimate Interest balancing tests to determine what an individual would reasonably expect to receive
- Give individuals control over their data and what happens to it, for example, including a clear means to update their preferences or opt out- and document it
Her informed legal view: If you have carried out your checks and balances – by using Legitimate Interest Assessments in a serious and thoughtful manner – and you can evidence your process, you are unlikely to be in ICO fine territory.
What about the right to erasure? This is another area of GDPR receiving a lot of coverage but also greatly misunderstood. In fact, in many instances requests can be legitimately challenged by an organisation – using the outcome of a balancing test and where there is an overriding legal basis for continuing to hold and process the requester’s personal data (she used the examples of current employees or customers who need to be invoiced).
It’s a journey not a destination!
A pre-recorded interview with experienced CDO at Age UK, Michelle de Souza, gave us insight and sound advice – based on her hands on experience of preparing for GDPR. Their two year GDPR journey has taken them from relative disinterest internally to embracing the new principles based regulation. Michelle likened the run up to the enforcement of GDPR to preparing for your driving test, hoping you will pass – and that you don’t get pulled over!
“If you are doing something that doesn’t feel right then you probably shouldn’t be doing it.” Elizabeth Denham, Information Commissioner
Mark Roy – Founder and Chairman of REaD Group – spoke passionately about GDPR being a force for good. Surely it is better for businesses to be more transparent and honest about what they are doing with personal data so consumers can be more informed and more engaged? Talking about Recital 47 that states explicitly that the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.
By Direct Marketing the GDPR refers to Direct Mail (not email, telephone or online – which are still covered by PECR). Mark expounded the virtues of Direct Mail as an effective, more trusted, less invasive and creative channel to market. Research confirms that consumers trust direct mail more than email and that it makes them feel more valued.
In Mark’s view, once the GDPR dust has settled, the real game changer will be the ePrivacy Regulation (ePR) which is expected to replace PECR in 2020 and will shake up all digital channels.
Closing on an optimistic note, he reiterated that businesses that embrace GDPR will thrive beyond May 25th – and the future for data driven marketing is bright!