It has been almost two years since the initial adoption of the GDPR in the EU, meaning that the data protection act will be enforced in the coming months. People have known about this for years now and yet, many marketers don’t quite understand how this will change their business. What does GDPR Compliance actually mean for marketing in the UK? Before it’s enacted, learn more about the new regulations here.
What is the General Data Protection Regulation and what are its requirements?
The GDPR is a regulation in European Union law on data protection and privacy, applying to all individuals who are a part of the European Union. Essentially, it’s related to the export of personal data outside the EU, as it aims to give control back to citizens over their personal data. Businesses see benefit too, since the General Data Protection Regulation will simplify the regulatory environment for international businesses. This regulation, adopted on April 27th, 2016, is meant to replace the 1995 Data Protection Directive. After the two-year transition period is over on May 25th, 2018, it will be enforceable, allowing for the homogenization of data protection regulations throughout the EU. This will make it easier for international companies to comply with regulations, although there will be a serious data protection compliance regime and high penalties for violations.
GDPR Implications for Marketing
The GDPR will affect how businesses operate. With the implementation of these regulations, there will be new methods for explaining and obtaining consent from prospective and existing customers who are a part of a company’s email lists. Essentially, the way you use data will be completely different. Marketers will need to demonstrate that their company is GDPR compliant and if they can’t, it’s likely that a fine will be enacted. This means that all marketers must align themselves with GDPR principles, making the collection of data incredibly important. When marketers are collecting personal data during marketing campaigns, they are only able to use this data for the purpose they obtained it for. In other words, databases cannot grow using traditional methods, as consent must be continually given. Databases will need to be completely cleansed and reviewed in order for companies to clarify that they’ve received consent lawfully and fairly, that data is being used legitimately and that the information is accurate. This means that users will be able to easily access the data companies have on them and can unsubscribe with more ease, while companies have to do more to justify the data they currently hold.
GDPR for B2B Marketing
Usually, data subjects of B2B marketing are seen as a sort of fair game by marketers, as long as there are appropriate opting out procedures set up. Marketers were basically free from the strict marketing regulations in terms of obtaining data permission. Now, with the advent of GDPR, there must be explicit consent of the data subject in cases where processing is necessary for performing tasks or protecting the interests of the subject. This doesn’t apply as strictly with B2B marketing though, since the GDPR only applies to data relating to individuals, rather than to businesses. Data that is clearly related to a business is outside of the GDPR, although all personal business emails still fall within the realm of personal data.
Affecting B2B Marketing
Consent will be more rigid with a notable change in the opt-in process. There can be no ambiguity, no pre-ticked boxes, or any other marketing methods. Opt-in must be separate and individual, with a clear right to withdraw. B2B marketing will be most affected by the idea of legitimate interest, which means that data processing needs to be done for the genuine interest of the individual. Companies most commonly fit well into this category, since as long as a company can prove that a person has an interest in what’s being marketed, their data can be collected.
GDPR for Email Marketing
Email marketing is incredibly common in the modern world and is a great way to spread the word about a company’s products or services. The marketing industry uses email all the time, but many people are concerned about how the GDPR will change that, since it is meant to give power back to the data subject. In this case, that’s the person who receives the email. In future email marketing campaigns, the marketer must explicitly ask for consent of data access so that subjects can clearly see what they’re agreeing to. Consent cannot be assumed: people have to actively opt in, and every difference between handling different types of data must be explained with separate consent. Marketers will also have to reveal the name of the organisation that handles the data as well as any names of the third parties who also handle the data. If subjects do not want to participate, they need to easily be able to withdraw, as there can’t be any power imbalance between the data subject and the organisation. In this case, consent may have to be renewed and reconsidered multiple times.
How to Adapt to GDPR
The servers where you store information should be located in Europe, meaning that data cannot be sent outside of the EU – this includes Cloud services. Consent is also required for all information that is collected. Not only is consent needed, but the manner in which consent is obtained is important too. Boxes cannot be pre-ticked and silence is not considered to be an affirmation to collect information. Everything must be obtained with explicit consent from the subject.
If you’re working with any type of data, it’s mandatory to keep all of your data transparent. The subject must be in the loop for all aspects of data collection, transfer and use. They need to know what you will be using their data for and if you plan on transferring that data anywhere else.
The GDPR is also concerned with what type of data you’re storing. Only data that is needed for whatever service you’re providing should be stored – this is known as data minimisation. Subjects should be able to ask what personal data companies are storing and why that data is needed. You’ll need to be able to relay this information while giving them the chance to opt-out.
Data Storage and Processing
The controllers and processors of data processing operations must create a record of all processing activities that they partake in. If your data processing operations are expected to continue past May 25th, 2018, all activities have to be recorded from that date onwards.
Purpose and Limitation
You must disclose the purpose of the data you’re using, although you don’t necessarily need consent when it comes to providing a service that is a legitimate interest of the individual. For instance, if a brand has a direct benefit, online marketing can count as a legitimate interest.
Companies must have a security certification that is not just a listing from a self-certifying body. A certification badge on a website is not enough to prove that you’re actually compliant with the new data protection laws. You must have a European certification and a security badge that will work for your company; these have to be certified by an expert or legal counsel. A risk analysis must also be carried out for your processing activities. This is meant to help you determine the security measures that need to be implemented to be sure that you meet the requirements of the law.
Any data collected should be accurate. This can be done by an appointed data protection officer, or by trained employees who are considering how the data is being collected and what it will be used for.
Everything must be accounted for when it comes to people’s data. The new requirements for the transparency of processing mean that all data should be accounted for and any mediums used to collect data should be made clear to the individual. Information clauses should be published on your website to keep you accountable.
End of the Relationship
If a subject does not want to continue to have their data used or does not want to contribute data, they must have the opportunity to opt-out. This can be a simple “unsubscribe” button or an opt-out page.
If you’re continuing to obtain data with the implementation of the GDPR, the privacy of the subject is a main concern. This means that to retain your data, you must redo consent and must conduct a data protection impact assessment of the processing operations. People can also do a double opt-in, meaning that even when they agree to have their data collected, they will also have to respond to an email to confirm.
Since the subject has the power to opt-out and must know what their data is being used for, they also have the right to have their data deleted. Databases have to be cleared out with the implementation of the GDPR to be sure that all regulations are met. In other words, data not in compliance will be deleted.
The GDPR will be enforced fully in the coming months, meaning that companies have been scrambling in an attempt to be sure they meet data regulations. Marketers need to consider how data will be collected, what it will be used for and what information they need to be transparent. Before the GDPR is enacted fully, it’s best for marketers and companies to consider these points to see how the GDPR will affect marketing in the UK.