As organisations lean forward to the GDPR start-date of May 25th, bosses should not neglect the past and the importance of communication legislation, such as the UK’s Privacy and Electronic Communications Regulations (PECR).
When the GDPR begins, PECR will run in parallel until new EU laws on ePrivacy are introduced in 2019. Until then, marketers will still have to respect PECR laws on sending marketing emails, text messages and executing telemarketing calls. Executives will also have to think about which lawful basis for the processing of personal data they are depending on.
Lawful bases for processing under the GDPR
Consent or Legitimate Interest (LI) are the two bases for data processing that will underpin direct marketing operations, each of which call for specific terms to be met. Under PECR, consent is also required for sending of marketing emails or texts.
However, the ‘soft opt-in’ under PECR, allows marketers to get around consent, if the following can be guaranteed and evidenced:
- Contact details have been captured within part of the sale of a product or service.Only similar
- products and services are being marketed (and are therefore deemed to be relevant).
- A clear opportunity to opt-out of marketing was given when the contact details were collected, and in each of the following interactions.
Under these conditions, marketers may be allowed to email or text their existing customers without relying on consent, but these grounds cannot be used for prospective customers, purchased lists and normally are not valid to charities or other non-commercial pushes.
PECR also draws a line between corporate and individual contacts, that latter of which also includes sole traders. Consent rules for emails and texts, and the ‘soft opt-in’ privilege do not apply to corporate users.
Also, under PECR, telemarketing should not be exercised to any parties that have said that they do not wish to receive calls. Anyone registered with the Telephone Preference Service (TPS) or the Corporate Telephone Preference Service (CTPS) should also not be receiving your calls.
If consent is not used, another lawful basis will have to underpin your marketing and processing of personal data.
The ICO identifies legitimate interest (LI) as the “most flexible lawful basis for processing”, but it cannot be assumed to be the most appropriate in every situation.
“It is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing. If you choose to rely on legitimate interests, you are taking on extra responsibility for considering and protecting people’s rights and interests,” ICO guidance states.
Experts debate GDPR and PECR
On May 17th, ON24 hosts a webinar that will unpack consensual marketing, as a panel of industry experts debate the intricacies of new and existing data legislation.
Attendees will benefit from an examination of the GDPR and PECR in context, to give practical advice on how executives can begin to adapt compliant marketing practices.
On the panel
Andrew Warren-Payne, Managing Director at Market2Marketers will be moderating the panel.
As a facilitator that enables tech companies, agencies and media businesses to connect with marketers and advertisers, Andrew has spoken to thousands of marketers in events spanning over ten countries. He is widely published within his industry, having published through The Guardian, BBC, PSFK and Forbes.
Featuring speakers from Henley Business School and My Inhouse Lawyer, our panel includes:
Abigail Dubiniecki, Specialist, My Inhouse Lawyer
A Canadian freelance lawyer and founder of Strategic Compliance Consulting Ltd, Abigail’s reservoir of expertise nourishes organizational compliance in privacy, data protection and GDPR implementation.
Whether consulting in the top echelons of GDPR consulting, delivering keynotes to senior managers through Henley Business School, or advising UK companies through My Inhouse Lawyer, Abigail’s robust solutions are the perfect reconciliation between compliance, risk and technology.
Richard Preece, Director, DA Resilience
Richard is an experienced international hybrid consultant, leader, Henley Business School Executive Fellow and GCHQ Certified Trainer. He enables organizations to become more strategically agile and resilient, to exploit the opportunities and minimize the dangers of the current and future digital hyper-connected world.
Richard has led many data protection and cyber security education, exercises and consultancy engagements. Current and recent assignments include information security and data protection strategy and capability development for a number of UK and international organisations, covering Financial Services, Oil and Gas, Energy, Telecoms, Education and Defence sectors. He has also been appointed as a Data Protection Officer (DPO) for a Recruitment company and interim DPO for an Educational charity.
Zach Thornton, External Affairs Manager, DMA
Since joining the DMA as External Affairs Manager, Zach has focused on lobbying the UK and EU to achieve a balanced General Data Protection Regulation, and is now beginning work on the revised ePrivacy regulation. Intrinsic to his mission will be ensuring that the legislation does not undermine, but drives British business.
Zach is also passionate about politics and current affairs, and stood as a candidate for Borough Councillor in the May 2014 local elections in Tower Hamlets, London.
Accelerate your preparation with ON24
Fresh from cutting edge keynotes at the GDPR Summit: London, our panellists will break down compliant marketing methods, looking at how both GDPR and PECR are there to help organisations create successful campaigns that will stand out for their transparency and compliancy.
Further key topics will include:
- Different mechanism for the go-to-market
- Successfully aligning with other business stakeholders
- Optimising the time of company commentators
- Achieving a quick response to regulatory opportunities
- Overcoming key challenges, such as speed to market, content lifespan and market differentiation.
Viewers can get their specific queries answered in a Q&A that will follow the debate.
Click here to register your place on this exclusive webinar.
By Tom Davies, features editor, GDPR.Report
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
comments powered by Disqus