
Consent: if it’s not ‘yes’, it’s ‘no’. There is no middle ground.

Getting consent to send your subscribers emails and marketing information is fundamentally important, not only so that you can send your future campaigns legally but so you can be 100% sure that person wants to hear from you.

The clock’s ticking and with a zero-tolerance approach and heavy fines being introduced, you can’t take the risk of not being able to prove consent. Sending to someone who hasn’t explicitly told you they want your articles, advice, newsletter emails and other marketing will leave you in deep water once the GDPR comes into effect.

Where B2B communication stands now

At the moment we’re able to assume consent if the person we’re emailing doesn’t unsubscribe or opt out of those messages. If someone subscribed to you 2 years ago but hasn’t opened an email since, you can still send to them as they haven’t chosen to opt out yet. In future, this won’t be enough.

What’s changing?

You can no longer assume you have someone’s permission
When the changes come into effect, consent can no longer be implied, and an indication or an assumption of consent will not be enough to keep you on a clear track.

“Silence, pre-ticked boxes or inactivity should not constitute consent” – Recital 32, GDPR

Stating: “If you don’t want to hear from us again, tick this box or click this link” in the small print at the end of an email will not be enough.

Consent needs to be explicit

The savvy among us will make sure they have explicit consent to use a person’s data or to send them emails and marketing. Explicit consent means the subscriber must take a positive action to consent to your marketing.

“Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of agreement” – Recital 32, GDPR

Not only that, but your subscriber must be clearly informed of how you will use their data and exactly what they are consenting to. This means no more hiding behind jargon-filled privacy policies.

As a minimum they need to know:

  • The identity and contact details of whoever controls their data
  • The purposes of processing their data
  • How long their data will be stored for
  • Their rights to access, erase or to object to the processing

“The request for consent shall be presented in an…intelligible and easily accessible format using clear and plain language” – Article 7.2, GDPR

Consent needs to be provable
Because of the increased risk of fines and legal action, you want to be able to respond to queries and complaints quickly and easily.

“The controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data” – Article 7.1, GDPR

This means when you gain consent you should collect it in a manner which shows where and when consent was requested and given, and what the context or detail of that consent was.

It should be as easy to withdraw consent as it is to give it
Controllers must inform data subjects of the right to withdraw before consent is given. Once consent is withdrawn, data subjects have the right to have their personal data erased and no longer used for processing.

“Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment” – Recital 42, GDPR

What to do?

The important thing here is not to worry. This all sounds scary, but taking the right steps now will prevent this from becoming a major issue 18 months down the line. Take a look at these 6 steps, give us a call on 01672 505050 or drop an email to gdpr@nett-sales.com to chat with one of our specialist advisors.

How relevant are changes in B2B communication legislation to UK businesses?

As the dust settles following the EU Referendum, many people’s thoughts have moved away from the frenzy of political and economic news, to how Brexit will affect their businesses’ day to day operations. In particular, the impact that Brexit may have on the GDPR passed in May. The short answer is that it won’t.

Since 2010, there has been a global recognition that the laws written in the 1990s are no longer relevant to the increasingly sophisticated world of B2B communication and marketing.

Canadian initiatives such as Bill C-28 (2010) and CASL (2014), the sudden rejection of the US-EU Safe Harbour agreement (2015) and the publication of the GDPR (2016) are all symptoms of this global recognition and indicate that significant changes to laws surrounding B2B and B2C communication are on the verge of being implemented on a global scale.

So where does this leave UK companies?

Fallout from Brexit

“The GDPR has offered a unified, blanket solution that all companies around the world could comply to. If the UK will not adhere to the GDPR after the Brexit, it will need to negotiate a separate data privacy agreement with the EU that continues to make it an attractive country to prospects.” – Amy Johnson, Emerson Network Power

The GDPR will come into force on 25th May 2018, before the UK’s likely withdrawal from the EU. Importantly, as a European Regulation, the GDPR has direct effect in UK law without the need for separate legislation by the UK Government.

Since Brexit seems unlikely to have an effect until October 2018 at the earliest, this means that all UK organisations will need to comply with the requirements of the GDPR for around 5 months at the very least.

The role of the ICO

“It is unlikely that the UK is going to want to start drafting a new data protection law, especially during a time when there will be so many other demands on parliamentary time, only to face the uncertainty of placing it before the European Commission for an assessment of its adequacy. More efficiently and, in our view, more likely, is that the UK will simply adopt the GDPR, a text which it had significant input on.” – Riannon Webster, Partner at DAC Beachcroft

It’s difficult to tell how the landscape will change over the next few years, but the expectation is that the GDPR will live on in some form under UK law after 2018.

What we do know is that the ICO is very keen to reform current regulations, arguing the need for uniform global standards in order to broach international trade agreements. Canada and Switzerland are already implementing parallel laws and you can bet the ICO will drive this forward in the UK even without the EU.

Moreover, it seems unlikely that the UK Government, acting on the advice of the ICO, would start from scratch in drafting a new data protection law, so expect large parts of the GDPR to stick around.

The alternative

“A failure to implement such equivalence will lead the UK down a path similar to the US, which is enduring the demise of Safe Harbour and a torturous agreement process with its replacement, Privacy Shield. This would severely affect UK firms’ ability to compete in Europe.” – Duncan Brown, European Security Practice

If the UK wants access to the Single Market, it’s going to have to align a lot of its laws with the EU’s. As Marc Dautlich emphasises, “Norway complies with about three quarters of EU legislation but has very little influence over its content. Under this model, it would be unlikely that the UK would move significantly away from GDPR.”

On a business level, we are unlikely to be taken seriously by EU traders if we don’t comply with the same standards. GDPR also applies to any organisation, whether located inside or outside the EU, if that organisation:

1. Offers goods or services to EU citizens
2. Monitors the behaviour of EU citizens

Therefore, in some way or another, UK businesses will need to abide by these laws (or a very similar set of laws) for the foreseeable future.

More information

You can find out more about GDPR here…
Or you can see the consequences of this for your business and the steps you can follow by clicking here…

If this is something which you’re worried about, give us a call on 01672 505050 or send an email to gdpr@nett-sales.com to speak to one of our specialists. 

We’ve put this together with the help of the following people, some of whom we’ve quoted directly. See more of their advice and opinions below.
Duncan Brown, Research Director at the European Security Practice
Riannon Webster, Partner at DAC Beachcroft
Amy Johnson, VP at Emerson Network Power
Marc Dautlich, Data Protection Law Specialist, Pinsent Masons
Carla Arend, Program Director, European Software

 

3 ways B2B communication laws will change your business

There’s a lot of buzz around the new B2B communication laws passed earlier this year, and the question on everyone’s lips is ‘What does it mean for my business?’

The short answer is a strong dose of change, but there are three areas in particular you may need to take note of:

Opt-in replaces opt-out
“If you don’t want to hear from us again, tick this box or click this link” – sound familiar?

We all use it! Yet under the new laws, the opt-out will be no more. Instead, opt-in consent will be required for all marketing communications.

Informed consent is the new minimum standard
“Our sales have always been solid. We own data lists, sometimes we buy more, we send them emails and we get leads. Why change now?” – Simply owning the data isn’t enough.

If you hold, contact or track a database then you’re going to need to get the consent of each person in that database. You’re also going to need to prove it.

Consent cannot be implied by inaction; it must be the result of a positive action by individuals. They must know exactly what they’re consenting to, and pre-ticked boxes aren’t an option. You can also find out more on consent here…

No difference between ‘business’ and ‘consumer’ data
“Isn’t this only the case for consumer data? We’ve always been able to contact other businesses in the past…” – From now on the same rules apply to both.

The legislation also makes no distinction between B2C and B2B communication. All data is now personal and if you can identify a person from the data you hold then it’s time to get their consent.

We haven’t seen such significant changes to data legislation since 1995, when floppy disks were still used and a cookie was a treat you had with a cuppa. A lot has changed since then and reforms are well overdue.

But what do I do about it?

It all sounds scary, but taking the right steps now will set you up nicely for when these laws come into force in 2018. If you do this right, you could find yourself with a database of refined, engaged and relevant people with a genuine interest in your services.

The best thing to do at this point is take a look at these 6 steps and tackle GDPR head on. Check them out here…

Getting in the know now will give you time to prepare properly and ensure you gain an edge over your competitors. Brush up on your knowledge here…

Alternatively, give us a call on 01672 505050 or drop an email to gdpr@nett-sales.com

General Data Protection Regulation – What does it mean for you?

The GDPR was approved in May 2016 and is set to have a huge impact on the way B2B relations are carried out.

In all honesty, no one knows exactly what it means; the legislation itself is plagued with vagaries and there seems to be little clarification on what it means for the world of B2B communications. But here’s what we do know, and how it will impact your business.

Who will be affected?

If your organisation:

– Possesses or processes data pertaining to an identifiable person
– Contacts those individuals via email, phone, SMS or post
– Tracks their engagement via e-shots, cookies, or landing pages for the purpose of profiling an individual

Then you need to start thinking seriously about how GDPR will impact on your business, and start taking immediate steps towards compliance.

What does it mean?

What is personal data?
  • Full name
  • Job title
  • Work email address
  • Direct phone number
  • Data relating to an individual’s actions or behaviours
  • Computer IP address

There is no longer any difference between “business” and “consumer” data
The GDPR makes no distinction between B2C personal data and B2B personal data. It’s all personal and subject to the same rules. B2B businesses will need to update their processes to ensure the same levels of protection are given to anyone they wish to contact.

Opt-in replaces opt-out
The opt-out is a familiar part of marketing communication these days: “If you don’t want to hear from us again, tick this box or click this link”. Under the new EU laws, the opt-out will be no more. Instead, opt-in consent will be required for all marketing communications.

Informed consent
Data controllers need to be able to prove that users gave unambiguous, informed, contextual consent and knew exactly what they were agreeing to.

Consent cannot be implied by inaction; it must be the result of a positive action by individuals. Soft opt-in may apply in some circumstances, but it’s better to be safe than sorry.

Right to be forgotten
Individuals now have the right to force data controllers to delete all information they hold on them, including any details retained on a “do not contact” list. Businesses will have to work out new processes to ensure all personal information is thoroughly and permanently erased.

Data on EU citizens will be treated the same wherever in the world it’s held
The Regulations grant enforcement bodies greater powers that apply anywhere in the world, not simply in EU member countries. If you hold data on any EU citizen then you’ll need to comply.

This is a Regulation and not a Directive
Directives are legal guidelines that EU countries must achieve by their own means, whereas Regulations have binding legal force and all come into effect at the same time. In other words, the GDPR is a pan-European law that won’t be influenced by the UK Parliament.

When do I have to comply?

The GDPR was published on 25th May 2016. It gives organisations 2 years to become compliant, so the deadline is 25th May 2018.

So what do I do next?

See the consequences of this for your business and the steps you can follow to ensure you comply here…

If this is something you are concerned about, why not give us a call on 01672 505050 or drop an email to gdpr@nett-sales.com

This article was put together with the help of the following pieces, some of which we have quoted directly.

‘How the GDPR will affect B2B marketing’ – CPB UK
‘3 ways the new EU data laws will impact your B2B marketing’ – Claire Gardner, Cyance
‘10 Must-know facts about the new EU data law’ – Graham Smith, marketinggraham.com
‘Infographic: How the EU plans to kill B2B marketing’ – Graham Smith, marketinggraham.com
‘10 things B2B marketers should know about the new EU data protection regulations’ – Rob Diggle, Databroker
‘What does the GDPR mean for email marketing?’ – Cheryl Buckingham, Artisan Send