In January 2012, the European Commission (EC) issued a proposal for a European-wide data protection reform.

In March 2014, a first reading of a draft bill went through the European Parliament and a second version was voted on by the Council of Ministers – in effect creating two drafts of the same Regulation with significant differences between them with the Council of Ministers declaring that nothing is agreed until everything is agreed.

To date these drafts have had more amendments than any previous body of EU regulation and given the priority to gain consent on this landmark regulation by EC President Jean-Claude Juncker, many believe that the GDPR will be agreed by all parties by the middle of 2015.

Data protection and the security of data is perhaps the biggest issue facing the advertising and marketing sector from a business continuity perspective as to get this badly wrong opens the door to punitive fines of up to five percent of global turnover or €100m.

Please see below for our top tips for marketers:

1. Write down a set of data protection policies and procedures and ensure that these are compliant with the GDPR. Such policies and procedures should include what actions need to happen in the event of a data breach.

2. Consider what breaches might do harm to customers/clients and pay particular attention to mitigating these risks. The most serious are either financial fraud or identity fraud, so marketing professionals should pay particular attention to passport details and other personal information stored on their servers.

3. All companies need to invest in education and training all employees involved in collection and processing of data with a view to reducing the risk of human error and as far as possible try and automate as many processes as possible in order to reduce the risk of human error.

4. All companies need to set very clear, fair and transparent rules for obtaining customer consent.

5. All companies shouldn’t keep data forever – unless of course it’s to ensure that they don’t contact someone who has expressly said that they don’t want to be contacted in the future and not having such information could lead to them being contacted again by accident.

6. All companies should have a policy for destroying out-of-date data.

7. All companies need to recognise the risk of consumer activism where one aggrieved customer can very quickly galvanise a mass campaign against the brand on Twitter and social network sites.

8. Marketing professionals need to integrate data protection fully into all business processes and not treat this as an add-on or side issue.

9. Marketers should consider the GDPR as a marketing opportunity and potentially a source of competitive advantage by performing data processing tasks more efficiently and accurately.

10. Customers should be treated as a source of business rather than a piece of data and need to be treated fairly, with respect to their rights to privacy and without cynicism.

 

By Ardi Kolah, Liveryman, The Marketors.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

comments powered by Disqus