Paul Grant, Marketing Department, Bord Bia – Irish Food Board
‘General Data Protection Regulation’ are four words that strike terror into the hearts of most companies; and the 25th of May 2018, when it comes into force, is a far scarier date than Halloween. Food and drink companies may think that it’s more of a problem for the banks and financial services companies but personal data is more than just consumer information, it covers employee data, customer data and supplier data where any living individual can be identified (e.g. email addresses, mobile phone numbers etc.). Once the information relates to an identifiable individual you will be covered by the new data protection laws. And fines of up to €20m or 4% of global annual turnover and the potential hit to your company’s reputation are enough to make anyone’s blood run cold. While these big fines make for scary headlines it is a mistake to focus too much on them. Traditionally the national data protection authorities have seen fines as a last resort and the Data Protection Commissioner focuses more on educating organisations about how to comply with the law and its sites are a great resource – www.dataprotection.ie gdprandyou.ie.
Not only do companies have to get their own house in order by May next year, they must also ensure that any suppliers they use, such as marketing or advertising agencies which may be regarded as “data processors” in the language of the Regulation, are also compliant. The new regulations apply equally to the consumer and b2b communications so while most of the focus has been on personal privacy for consumers you will need to apply the same high standards to your marketing communications to the industry.
An opportunity as well as a challenge
Ask any marketing audience if they are prepared for GDPR and a majority of people will have the guilty look of pupils who have forgotten to do their homework. But it doesn’t have to be this way – GDPR can also be an opportunity. Under GDPR individuals will have the right to withdraw consent to be included in marketing communications at any time and consent reviews must be a regular process. The UK banking group Lloyds decided that if it was going to avoid a wave of customers removing themselves from its email lists it needed to overhaul its comms to better reflect what people actually wanted. It conducted a large study to research its customers’ opinions of the group’s current marketing communications. Based on the findings they overhauled their strategy to focus on ‘how to’ content rather than product marketing. So while in the past Lloyds might have emailed customers about the latest credit card deals in the future customer will receive useful information on how to protect themselves while shopping online or what to do if they have been the victim of identity theft. For more details read “Preparing for GDPR has completely changed Lloyds’ digital marketing strategy” from the The Drum.
In the long run, GDPR should make life easier for digital marketing. Currently, European privacy legislation is governed by a hodgepodge of individual country data protection regimes but from May 2018 they will be replaced by a harmonised approach across the EU. And even the uncertainty of Brexit, which casts its dark shadow like Dracula’s cloak over so much, shouldn’t have a major impact. GDPR’s territorial scope means it will have a global influence and even Brexit is unlikely to alter this.
Still, despite this possible opportunity, most companies would be happier to face Dracula flying in their window than have the data commissioner appear at their door this Halloween!
Hungry for more?
- www.GDPRandYou.ie is GDPR-specific website to help individuals and organisations from the Irish Data Protection Commissioner
- In the UK, the Information Commissioner’s Office (ICO) has created a useful PDF document on Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now
- The ICOs blog is also a good source of information particularly the posts on GDPR Myths
- While the ICO’s YouTube GDPR playlist has useful video content
- GDPR Information page from the Data Protection Commissioner