Is your company engaging in digital marketing? Then now is the right time to prepare for the UK data protection legislation which will come into effect next year. The new non-compliance fines can be exorbitant and cripple your company. So, clean up your act now, in terms of data storage, data treatment and marketing automation-setup. Get started here today, and familiarise yourself with the lingo. There’s a lot to it.
You may wonder … what is data protection, actually?
Data protection refers to the legal control over access and usage of computer-stored data. The EU Data Protection Regulation controls how personal data is used by companies, the government and other organisations. While it protects individuals, it also gives organisations certain rights and responsibilities when storing, accessing and editing persona data.
It’s really only been since the last 50 years or so that businesses, organisations and the government began using computers to store massive amounts of personal information about their customers, clients and staff in databases. This is why the European Data Protection Regulation or simpler, the Data Law, has been formulated.
The UK Data Protection Act, or the DPA 1998, is reflected in similar law making in other European countries. Often, internationally stored data can bring about issues and constraints.
DPA 1998 involves these parties:
- The Information Commissioner, who enforces the Data Law – DPA 1998.
- The Data Controllers. This is any company or person who collects and keeps data about individual people. For companies, a nominated person within a company is the actual data controller, called the Data Protection Officer. This is the person who applies to the Commissioner for permission to store and use personal data.
- The Data Subjects. This are the individuals who have data stored about them, somewhere, outside of their direct control.
Data Protection Register
Any business, organisation or person who wishes to store personal data from people must apply to register with the Information Commissioner. This requirement will come into effect in 2018.
There are 6 things to register:
- The data controller’s name and address.
- A description of the information to be stored.
- What they are going to use the information for.
- Whether the data controller plans to pass on the information to other people or organisations.
- Whether the data controller will transfer the information outside the UK.
- Details of how the data controller will keep the information safe and secure.
EU GDPR Data Protection
Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly and lawfully.
- used for limited, specifically stated purposes.
- used in a way that is adequate, relevant and not excessive.
- kept for no longer than is absolutely necessary.
- handled according to people’s data protection rights.
- kept safe and secure.
- not transferred outside the European Economic Area without adequate protection.
There is stronger legal protection for more sensitive information, such as:
- ethnic background.
- political opinions.
- religious beliefs.
- sexual health.
- criminal records.
You should also be aware of the PECR, the Privacy and Electronic Communications (EC Directive) Regulations 2003, which are derived from European law. They implement European Directive 2002/58/EC, also known as ‘the e-privacy Directive’. These regulations work in tandem with the UK Data Protection Act.
The purpose of PERC is to give people specific privacy rights in relation to electronic communications. PERC specifies rules for:
- Marketing calls, emails, texts and faxes.
- Cookies (and similar technologies).
- Keeping communications services secure.
- Customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
Who’s in Charge
The Information Commissioner’s Office or ICO (ico.org.uk) is the UK body that takes enforcement-action against organisations that “persistently ignore their obligations, starting with those that generate the most complaints”. Next year’s regulation will take things a lot further, but fines are already happening today, with Honda being in the news this month. The company is fined for sending emails to sort out its database in anticipation of the future, more stringent data protection.
Data Protection Breach
This is the issue. The new EU General Data Protection Regulation (GDPR) will into effect on 25 May 2018. When enforced, companies who breach the law could be faced with dramatically higher penalties than ever before:
While previously the highest penalty ever issued was £400K, the new penalties could amount to €20 million or 4% or annual global turnover, whichever is higher. Could your business survive that kind of penalty? Best to be avoid it! With 14 months left to get organised, now is the perfect time to get prepared, and get ready to work with clean (double) opt-in lists only, further protection and adequate processes.
Our Pro-active Role
What do we see as our role in preparing the UK Marketing Automation Industry for Upcoming Data Protection Act – Legislation? Our focus is helping you, pro-actively. CloudAnalysts’ MD Jimson Lee is part of a steering committee for the marketing automation industry in London to help companies be fully prepared and compliance with the upcoming legislations. He is speaking / organising talks on a number of occasions this topic, e.g. at the Salesforce London Marketing Cloud User Group.
Interested to Learn More
We’re available for a ‘quick question’, a product demo, and even a free consultation on the ‘Marketing’ in Digital Marketing, or the ‘Digital Technology’ in Martech like Salesforce, Pardot ao.