There were almost 500 data security incidents in the UK alone from April to June 2015. With significant data breaches from the likes of TalkTalk recently, companies and consumers alike need to be aware of changes occurring to data protection policies and what it means for them. We recently conducted research on the awareness of data compliance and found that 44 per cent of the marketers we asked were not aware of recent UK and upcoming EU reforms.

With governmental and international bodies’ deadlines constantly shifting, it’s time to get your house in order to avoid fines and consumer dissatisfaction. There may be a lack of updates on EU data protection reforms but more power has been given to UK courts as regulators and they are proactively enforcing compliance.

We aren’t waiting for the EU, the UK is ploughing ahead and putting people in front of courts, issuing record fines and building up a whole body of knowledge about people breaching current regulations. The key focus is to improve trust between consumers and businesses, providing greater choice and privacy. The core principles remain: collect data for a clear purpose and use it for that purpose. Put simply, if you’ve got a reason and permission to use data, you’re compliant.

What’s in it for brands?

Apart from adhering to the rules, the Direct Marketing Association (DMA) this year found that 40 per cent of consumers choose trust in an organisation as the most important factor when deciding to share personal information, four times more than any other factor offered. Like trust, security is integral to ensure consumer happiness and businesses now have an opportunity to use data protection and privacy as a competitive advantage to assure their customers that they will defend their data.

With our recent study suggesting only 15 per cent of businesses fully understand the General Data Protection Regulation, businesses need to get to grips with the intricate details of key regulations to ensure they’re offering the service their customers expect and require.

In the case of the TalkTalk data hack, consumer awareness around the risks of sharing personal data was brought back into the public consciousness. YouGov recently revealed that 72 per cent of British adults were concerned about their private information online, worried about hackers and unauthorised access to their data. In addition, Spotify’s CEO recently issued a public apology for changing the company’s privacy policy without explaining the benefits to consumers with one option: accept the terms or don’t use Spotify. This received significant backlash from the press and the public, and even led to customers unsubscribing to the music streaming service.

There is a growing intolerance for data misuse, even in the US where laws aren’t changing. Companies are being forced to accept that privacy matters. Your customers will always expect more from you than the minimum legal standards. In many ways the specific details of laws don’t matter as much as understanding the principles that the laws are trying to promote and protect – transparency, fairness and consumer protection.

We are now firmly in the era of the ‘new normal’. It is one of change and strengthening of individuals’ rights and increasingly robust and hands-on enforcement. The self-regulatory regime of former times that we are used to, has now gone. Brands must understand their responsibilities and liabilities when it comes to protecting consumer data. Although EU data protection reforms are yet to be confirmed, the UK isn’t waiting. Our regulators understand the changes set to come and are enforcing action now.

For brands, the priority should be putting the customer first. Customers have standards and expectations far higher than the legal minimum standards, so respect them. If you want customer data, you need their consent.


By Steve Henderson, Compliance Officer at Communicator

GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at

comments powered by Disqus