Posted by John Noble on 28 Jan 2015
It is looking likely that the EU Data Protection Legislation will come into effect at some point in 2015. The basic principle of the legislation is that everyone in the EU will have the right to the protection of personal data.
Whilst I am sure that everyone would agree with the principle, the measures and controls will have an impact on how we store the data in our EMEA Marketing Databases and how we can use EU marketing data going forward.
The original EU Data Protection Directive, which has been in force since 1995, sets out some simple principles:
- Data transparency - the data subject must know that their data is being collected.
- Data must only be collected for specified legitimate purposes.
- Data may only be processed for those specific processes.
- If data is transferred to a third country, they must adhere to these guidelines.
This more often than not has worked for responsible marketers conducting EU Marketing campaigns , so why the change now?
The 1995 directive came into force at a time when the Internet was very much in it’s infancy. Most marketers would use EU Marketing Lists in the form of direct mail and maybe telemarketing. Digital marketing was very much in its infancy. There has been massive technological change over the last decade, particularly the Internet being an everyday experience for many people. Because of this, data protection has become a far greater concern to many individuals.
Under the new proposed EU Data Protection Regulation, the changes mainly centre around this concern of Internet-based data sharing. In effect, personal data will be the property of the person the data is about. As a result, any business using EU marketing data will need to alter their operating procedures accordingly.
So what do you need to do? You'll need to ask for permission to do things which you currently take for granted, such as:
- Adding customers to mailing lists and sending them marketing communications.
- Using your customers’ personal, behavioural, purchase and preference data to tailor the website or send them personalised and targeted emails.
- Implied consent will not be allowed and consent will only be valid when it's "specific" and "informed" by telling individuals how their data will be used in an easily understood way.
When it comes to B2B marketing, opt-in consent will be needed. Names and contact details of individuals are personal data and no distinction will be made between whether the contact details relate to a home or a business address. If the information relates to an individual or identifies an individual, processing and marketing need consent.
For those of you using external European Marketing Lists, it's only with a clear, informed and explicit action by an individual that you can obtain their consent for processing or direct marketing. It'll be difficult for third party vendors and those who use third party data to meet the new consent standards. The high fines and more effective enforcement mean that anyone purchasing or using third-party data should start reviewing the sources of their data and obtaining proof (rather than assurances) about the opt-in status of the individuals on those lists.
MI Europe and our EMEA Marketing Database are already compliant with the proposed new EU legislation. If you'd like further advice please don't hesitate to get in touch.