With Only a Month to Go: Why GDPR will be a Watershed Moment for Marketing

As consumers, we’re tired; tired of spam, tired of being gamed into receiving marketing that, in fact, we don’t want and tired of companies that have no regard for our values and, indeed, adopting an approach that that might, in fact, lead us to engage more fully with them, if only they could get away from the old-school approach to marketing. Consumers now want engagement; they don’t want to be ‘sold to’ – the goalposts have moved; to a different pitch!

GDPR, the much talked-about new data privacy law that comes into effect a month from today, is a watershed moment. It gives power back to us; consumers. And marketers will need to work harder. Buying a list of 1,000 e-mail addresses and just sending out spam in the hope that a small percentage will stick probably doesn’t really work anymore; even if they are doing it legally; for example with prior, valid, consent or based upon a soft opt-in, as it has come to be known, under the Privacy and Electronic Communications (EC Directive) Regulations 2003.

We’ve been staggered, of late, by the companies sending out e-mails saying that recipients are coming off their marketing list if they don’t opt-in by such and such a date. Why? Say 60% simply don’t get around to responding to the e-mail, they’ve just destroyed 60% of their prospects list! In fact, the company in question, may well have another legitimate reason to continue their original approach to marketing, even under GDPR, but instead they’re going to wipe out a considerable amount of valuable data. Newsflash! Companies are allowed to do marketing. It’s just that the impact of what they are doing and consideration around how that may be perceived by recipients needs to be thought about. Is there a legal basis for this processing, under GDPR – often there will be another legal basis, apart from consent. If there is, simply document it and ensure that all members of your team understand why in one instance they can carry on as before, because the continued processing of that data is justified, whereas in another, the standards will not be met, leading to a different approach.

We read something on twitter this morning; someone who had been told he couldn’t tell a restaurant (where he was holding an event) about certain delegates’ nut allergies because he did not ‘have their consent under GDPR’ and because this was required as it was ‘sensitive data’. GDPR is about looking after individuals. In fact, a failure to tell the restaurant may prove fatal for the individual! Is this an imbalance, so far as the delegate is concerned, or an abuse of his or her rights? Or rather, would they have an expectation that as they were going to the event and the event organiser knew of certain allergies that may affect them, it was in the legitimate interests of the organiser to ‘process’ this data with the restaurant to ensure they were not at risk.

A practical and common-sense approach, backed up by transparency in privacy notices and other communications and allowing consumers real choice, respecting their rights, is what GDPR is really about. Respecting those rights, not doing things that may harm consumers by overuse or misuse of their data, not gaming them into receiving marketing that they don’t want and ensuring that businesses appreciate the added value they can gain when their users, customers or whomever, choose to engage with them more closely because they are (and know they are) in charge of the way in which their information is being used. Those businesses, no doubt, see GDPR as an opportunity and it is those businesses who ultimately will achieve real competitive advantage in their sector.

If you’re yet to deal with GDPR in your own organisation; contact Richard James, our corporate and technology partner or ask for a copy of our GDPR Toolkit: details of our team for GDPR Advice or find out more about our Work around GDPR and Data Protection and Privacy Advice

Posted: 25/04/2018
Categories: GDPR