Next month Brussels will finally disclose full details of the EU data law, and with it will come a major overhaul of customer data protocol.

If this were not enough to digest in one go, it combines with the Information Commissioner’s Office (ICO) also reviewing its guidelines with a view to tightening up rules, investigating data users in the absence of any complaint, doubling in size, and introducing bigger fines for data breaches.

The ICO will double its number of employees this year, and rather than basing activity on investigation of complaints, it is actively going out and auditing companies on a large scale. For those being audited, just completing basic ICO enquiry forms can take several days.

In isolation guideline overhauls by a regulator would present the need for a data protocol review or compliance audit, but together with GDPR (General Data Protection Regulation) they present digital marketers that use any form of data that does, or may identify individual members of the public with very significant workloads.

However, there is some good news. In the latest communiqué updating the content of the EU data law, or GDPR, there was good reason to be optimistic that it will not be too dissimilar to the regulations we currently have in the UK.

The biggest challenge will be with consumer consent terms, which will not remain the same under GDPR even if very similar to what we have now. This may seem a minor technicality, but it will involve a huge amount of work.

The current terms and conditions accepted by individual members of the public when they consent to receive commercial information will no longer be applicable. The new law will come with new wording for terms and conditions, and it means asking every individual on databases to agree the new terms.

Consumers are willing to share

On the other hand, the new opt in permission levels will be familiar, and getting compliance right means heightened and relevant dialogue with consumers, which is something the buying public positively encourages. Good communication based on openness makes consumers buy more.

There are real life examples and an abundance of research that shows consumers are less concerned about privacy if they are told why information on them is wanted. More than that, most are willing to trade their personal information. A survey for the Direct Marketing Association found that 69 per cent of consumers will exchange their details if the offer is right, and research for IPG Mediabrands found 46 per cent of consumers will swap data in order to receive better targeted advertising, 48 per cent believe their digital identity has value, and 59 per cent want to share data if there is a reward.

A report titled The Rise of Me-Tail discovered that adding personalisation through enhanced data increases sales by 7.8 per cent, and another by Digital Trends found customised content is preferred by 73 per cent of the public. In addition, 78 per cent believe personalised content means brands care about them.

The fact is most customers and prospects will give opt in consent if the proposition is right, and a large number are ready to sell themselves for some kind of reward.

The findings described above are well understood by those that manage customer relationships. But the importance and value of being transparent in the use of data is not universally practiced, and the consent element is something new to customer relationship managers.

Until now consent has been primarily about terms and conditions rather than explaining a wish to have a valued conversation. Many struggle with simply cutting and pasting standard opt in terms onto web pages or paper forms. Selling consumers on the value of dialogue is currently a rare skill, but one that will have to become commonplace if valuable data is to be retained.

In the coming two years, asking for opt in consent is going to be one of the most important concerns of marketers because it is the necessary starting point of being able to communicate in the post March 2018 period after the new law comes into effect. Without, consent data will have to be written off.

Don’t get caught out

In the run up to the legal deadline, companies have a window of opportunity to learn about the opt in processes and practice it, whether via telephone, email or in paper form. There are more than two years to prepare, and the starting point should be about ensuring all existing data is audited for compliance. There are a few data companies that will do this at no cost, so it worth considering using a third party for the task.

As well as consent compliance there are two other tasks to be faced in preparation for GDPR: a right to be forgotten, and free access data provision. However, the latter only applies in reasonable circumstances yet to be defined.

The right to be forgotten involves companies creating an easily recognisable
way for members of the public to request personal information be erased, and the request will have to be acted upon promptly.

Access data – the right of individuals to see what data is held on them - will be free rather than the £10 that can currently be charged. For major users of consumer data, providing members of the public with details of their data files could add up to be an expensive procedure.

To avoid fines that could be as much as four percent of turnover it is better to start work on compliance sooner rather than later. March 2018 may seem a long way off, but given the workload involved for those that rely on customer and prospect data, there is not much time.


By Dene Walsh, Operations and Compliance Director Verso Group


GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at

comments powered by Disqus