GDPR, WHAT IS THE RELEVANCE?

It is almost a year and a half into GDPRs legislation release. We have had 14,000 data breaches reported in the first year alone within the UK, and the two largest recorded fines to date being dished out to UK firms British Airways and Marriot totaling ￡300m in July of this year. It would appear GDPR has impacted data and marketing communication in the UK. But how much of a bearing has GDPR had on marketing and sales activities? And is it affecting B2B marketers and lead generation in the same way as B2C?

Furthermore, what happens with Brexit? If we are no longer part of the EU, do we still need to follow GDPR, which only applies in law to EU countries?

An Overview of GPDR

Not quite sure what GDPR is? And you work in sales and marketing? Please read this article pulled together by the ICO. For the sake of yourself and your business! But in short, GDPR stands for The General Data Protection Act and acts as an additional protection law on personal data. The GDPR allows individuals more control over what data is kept by companies on them, and its use in a marketing and outreach capacity.

A look back at year one has shown an increase in customers’ exercising their information rights since 25th May 2019, according to DPO’s surveyed in March this year. It is also suggested however that companies have been taking GDPR seriously, in the same report the ICO states;

“We closed over 12,000 of these cases during the year. Of these, only around 17.5% required action from the organisation and less than 0.5% led to either an improvement plan or civil monetary penalty. While this means that over 82% of cases required no action from the organisation, it demonstrates that businesses are taking the requirements of the GDPR seriously and it is encouraging that these are being proactively and systematically reported to us.”

The effects we have seen since GDPR

GDPR has had a big effect on the collection of personal data, and its use within a marketing capacity, especially within B2C sectors. Previous implied consent, prechecked boxes, and other forms of consent where opt-out is required, rather than opt-in, are no longer valid. Companies are having to prove where the data has come from, the purpose and use of its’ collection, the need for each element, its relevancy to the reason it was collected and that consent was gained at the time of collection. This has been a wake-up call for many who work in CRM roles where stringency may have become lax and has cast a stark light on the state of some company's data collection and storage in light of having to be reviewed for GDPR.

GDPR casts its net much wider than sales or marketing though, due to its focus on the protection of personal data and the publics broader understanding of subject access requests a large volume of the prosecutions have been brought against companies for not protecting the data they have correctly or failing to reply to requests on data rather than direct marketing activity – Although there have been some. Remember PECR was already in place prior to GDPR and already has a fairly clear policy on digital marketing communications. However, it’s likely, rightly or wrongly, lots of people in the industry have only heard of PECR since GDPR. But more on PECR later.

Overall marketer's feedback has been more positive than expected. Having positive opt-ins has increased engagement in content, produced higher quality conversations and sales, seeing more fruitful meetings. This all suggests having a positive opt-in with someone who wants to hear from you breeds a more positive long-term relationship. It’s obvious really, when you think about it.

Has GDPR affected B2B differently?

For the most part GDPR appears to have avoided B2B companies when it comes to fines. At least where mistakes have not been made by contacting opted-out data, or those already on the telephone preferencing system. This may be due to the slight loophole of ‘Legitimate Interest ’ which allows B2B companies to justify the ground of communication to be beneficial to their own business while not coming as a surprise to the individual within a business capacity. Legitimate Interest allows communication to these individuals regarding products or services relevant to their business profession as long as proper documentation is kept (think DPIA and LIA documents) and is written into companies privacy policies and privacy statements with a clear and easy way for the individual to manage their preferences and opt-out if requested.

As far as research suggests, there have not been any large scale fines for business contacting individuals in a business capacity, like those we have seen in the B2C space. This doesn’t mean GDPR should be discounted; however if managed correctly, highly effective channels within the business development and marketing space, such as email, phone and automation can still be utilised to support successful sales and business growth – As long as the law is properly understood and the correct steps and taken.

It’s not all about GDPR

GDPR isn’t all we have to worry about, however. PECR, The Data Protection act 1998, and Telephone Preferencing make up a large proportion of enforcements brought by the ICO when reviewing ‘actions taken’ dating back to January 2019.

EE Limited was fined ￡100,000 for sending 2.5 million direct text messages to its customer without consent, along with Vote Leave being fined ￡40,000, Leave.EU being fined ￡150,000 and Hall & Henly Ltd being fined ￡120,000 for similar activity, all falling under PECR within the ICO legal framework. Making it easy Ltd, Superior Style Homes Ltd, and Smart House Protection have all received legal action within the same period for contacting people on the Telephone Preferencing Service (TPS) with unsolicited calls. While Hudson Bay Finances Ltd and Metropolitan Police Service have received legal action for failing to comply with individuals’ rights concerning Subject Access Requests.

The point being, if you are only focusing on GDPR you are doing it wrong!

There are multiple laws on data and its usage, and all need to be taken into account to ensure you’re following the law correctly when it comes to the use of customer or prospect data.

Will you stop saying GDPR now, please?

Maybe…? The answer lies in whether once Brexit hits if we are still required to follow GDPR laws. Although we will no longer be part of the EU in which the law applies, UK government intends to write GDPR into UK law; however, this is yet to be agreed and will be affected by the outcome of the deal vs no-deal. The government has supplied some advice that may be helpful here, while the ICO has also pulled together some guides on the subject.

Overall we will still see the effects of GDPR on sales and within our marketing teams and its effect on regulating data control. Fines are ramping up with the ICO, Brexit’s effect is uncertain and further legislation is set to come in the form of e-privacy regulation which is set to add additional restrictions and levels to data privacy later in 2019/2020.

The future is unsure on what sales and marketing teams will need to comply with moving forward, however, what is clear is it’s always a better experience when the person wants a relationship with you. The more you nurture someone, the more likely they are to buy from you. Keeping all data up to date, opt-in consent and understanding preferences is all good for business.