Summits Yellow

Protected Market

Tim Maytom

New EU data protection laws will come into force in 2018. With Britain due to exit the EU, will it still be bound by them? Rachel Aldighieri, managing director at the Direct Market Association, sheds some light.

Rachel Aldighieri - MD at the DMAThe EU General Data Protection Regulation (GDPR) passed into law earlier this year and will come into force in May 2018. The new rules offer consumers greater protection by changing how businesses hold, process and deal with all customer data. For brands, the legislation will also help them protect their own reputations by building long-term relationships with customers, based on transparency and trust.

In a survey of marketers the DMA conducted earlier this year, when asked about the GDPR, 30 per cent of respondents believed their company to be ‘unprepared’ for the new rules, while 42 per cent believed their marketing efforts would be ‘very’ or ‘extremely’ affected by new rules, showing the need for companies to act now.

What about Brexit?
The referendum result in June means that the UK has made the collective decision to leave the EU, which has led some marketers to believe that the GDPR will no longer impact their business.  However, the transition away from Europe will take time. Exactly how long will depend on our nation’s politicians. In the meantime, marketers that want to take advantage of the huge opportunity the EU market offers will need to continue preparing for the new data protection rules.

Even once the UK has exited the EU, any company doing business in Europe with any European citizen will need to be compliant with the GDPR, even if UK national laws change following Brexit. Additionally, EU data legislation might continue to apply in the UK as part of any negotiation to access the single market or, at a minimum, new national data protection legislation will need to be broadly equivalent to the GDPR, if not identical.

But what does GDPR actually mean for marketers? The new GDPR rules include concepts like the ‘right to be forgotten’, data portability, data breach notification and accountability that will protect consumer data. Businesses falling foul of the new laws could also face massive fines of €20m (£17m), or up to four per cent of global revenues, applicable for everyone from the smallest start-up right up to digital giants. Put simply, companies will be required to be more transparent about how they handle personal data in the future, while individuals will have more control of their information.

The legislation also means many organisations will need to appoint or hire a data protection officer (DPO) responsible for ensuring compliance with these new rules. One of the biggest challenges for many of these newly appointed DPOs will be how the new regulations will affect the process of profiling individuals using customer data, as individuals will have the right to opt out from an organisation making a decision based on automated processing. Although there is still a grey area around exactly what constitutes automated decision-making, it’s clear that this will change how many marketers are able to segment and potentially automate their marketing decisions.

Who is responsible for GDPR?
According to our research, 21 per cent of marketers admitted that they do not know specifically where responsibility for GDPR should lie. A further 22 per cent agreed that ‘senior management’ must take the lead in ensuring their organisation is fit and ready.

Data is increasingly at the heart of everything marketers do to engage customers, which means that those not preparing for the new legislation – in whatever exact form it takes – are risking the very lifeblood of their business. With this in mind, any business’s approach to data protection should clearly be a board-level issue, with customer trust prioritised as a key component of long-term brand and shareholder value. The businesses that act now will be the ones best placed to benefit from the economic opportunities that digital transformation and big data will offer, both within Europe and beyond.

This article first appeared in the June 2016 print edition of Mobile Marketing. You can read the whole issue here.