5 Key GDPR Questions

The EU Data Protection Regulation (GDPR) is replacing the Data Protection Act, reshaping the way organisations approach data privacy. It aims to give citizens back control over their own personal data. The enforcement date is 25 May 2018 and those in non-compliance may face heavy fines.

Marketing Week recently published an article on ‘GDPR: Five questions marketers must answer before May’.

These 5 questions can help towards your data privacy changes:

  1. Have you completed a data audit? – It is recommended you examine your data flows. This can be a real eye-opener for organisations, as they may find bits of data lying around that not everyone knows about.
  2. Is consent the right course? – You may decide to take different actions for different data categories. If your recent data fulfils the requirements of GDPR then re-permissioning shouldn’t be required. However, if older data doesn’t have adequate permissions then you may need to refresh consent for this category.
  3. What are your ‘legitimate interests’? – The requirements of using legitimate interests are that you have a relationship with the consumer, and that they would reasonably expect you to carry out the specific kinds of data processing you are employing.
  4. How sensitive is your consumer profiling? – Legitimate interests could also be used for profiling non-sensitive data. However, if you are profiling sensitive data, such as household income received from a third party, you may need to ask for consent.
  5. Could your mum understand your privacy policy? – You need to tell people everything and it must be really easy to understand. Privacy policies are there to inform the consumer and not just to protect the business.

Positive are ISO 27001 and DMA accredited print, direct mail and multichannel marketing specialists. Our multichannel marketing service could help you re-permission data that doesn’t meet the GDPR standard.

For further information please contact Danny Sullivan, Managing Director on 020 8544 5500 or email danny@wearepositive.com

Source: Michael Barnett (2018) ‘GDPR: Five questions marketers must answer before May’ Marketing Week. Available at: https://www.marketingweek.com/2018/02/14/gdpr-five-questions-marketers-must-answer-before-may/

7 Advantages of Direct Mail post GDPR

The EU General Data Protection Regulation (GDPR) is an evolution of the existing Data Protection Act coming into force on 25 May 2018. Direct mail will play a unique role in communicating with your customers post GDPR. It is important to know the advantages of direct mail and how it can help drive your business’s success.

Royal Mail recently released a guide on The GDPR Opportunity with Mail.

Here are our top 7 ways direct mail could help your business thrive in a GDPR world:

  1. You will not need consent for postal marketing – However, you will need consent for some calls and for texts and emails under PECR.
  2. Mail is recommended by the DMA to get consent – Some organisations will decide to repermission some customer segments and mail is well suited for this.
  3. It is easy to stay in touch – Often people only have one postal address unlike email where people have multiple accounts. They also value being able to open a physical item, whether it’s a letter or a parcel packaged by Australia Post Boxes from PackQueen.
  4. Mail offers higher response rates than email – Mail is welcomed by recipients as it reassures people that companies recognise and value them.
  5. Mail primes other media – Royal Mail’s Private Life of Mail study proved emails and other electronic communications are better recognised and received if the recipient had been mailed in the weeks before.
  6. Don’t forget the power of unaddressed mail – Door drops can be delivered with addressed mail that enables you to re-engage without using personal data.
  7. No fines as yet for using mail for marketing – According to the ICO website, 17 penalties were issued in 2017 for channels such as text, calls and email, and none for using mail.

Positive are ISO 27001 and DMA accredited print, direct mail and multichannel marketing specialists. We offer a complete start to finish direct mail service, from data cleansing and management to printing and postage.

Find out more about our direct mail service here.

To download Royal Mail’s “The GDPR Opportunity with Mail” visit http://www.mailmen.co.uk/GDPR/mail-opportunities

GDPR – 12 Steps to Take Now

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. The enforcement date is 25 May 2018 – at which time those organizations in non-compliance will face heavy fines. If you need to keep up to date on GDPR and how it develops, there are GDPR lawyers that can keep you informed about this new regulation.

Who does the GDPR affect?

The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. There are many articles out there setting out the laws and regulations of this new change coming into place, some of which you can read here.

It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. If your company is affected by GDPR, then you need to make sure that your business is GDPR compliant.

What constitutes personal data?

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

12 Steps to Take Now

The Information Commissioner’s Office (ICO) has produced a handy guide and diagram, which recommends that organisations take the following steps:-

  1. Awareness – You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.
  2. Information you hold – You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit, and consider changing the organisation methods for the personal data. Digitising it via FilecenterDMS.com or similar software can help with this process if you are still handling physical documents in your business.
  3. Communicating privacy information – You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
  4. Individuals’ rights – You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
  5. Subject access requests – You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
  6. Lawful basis for processing personal data – You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
  7. Consent – You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
  8. Children – You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.
  9. Data breaches – You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
  10. Data Protection by Design and Data Protection Impact Assessments – You should familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.
  11. Data Protection Officers – You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.
  12. International – If your organisation operates in more than one EU member state (i.e. you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.

To download the ICO’s “Preparing for the General Data Protection Regulation (GDPR)- 12 steps to take now” Guide and Diagram visit https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

Image Credit: Information Commissioner’s Office
