GDPR and Brexit:
Is GDPR relevant post-Brexit?
On 24 June – the day the Brexit vote was announced, GI Insight hosted a seminar in Leicester on ‘Understanding and applying the new General Data Protection Regulation (GDPR)’, which will be enforceable from 25th May 2018.
Firstly, GDPR Isn’t going away
Opt4’s expert on data protection and GDPR, Rosemary Smith immediately addressed ‘the elephant in the room’, stating that the need to comply with GDPR had not gone away because of Brexit.
We would still need to trade with Europe and therefore comply with the new EU data protection laws. And most certainly need to comply with existing EU legislation until the UK exits the union. Even if the UK didn’t implement GDPR in full, its highly likely we’d implement similar data protection standards in order to maintain trade links with the rest of Europe.
“The timeline to become compliant hasn’t gone away. This isn’t the time to rest on our laurels!” says Rosemary Smith of Opt4.
The business argument for GDPR
Besides the threat of penalties of up to 20 million euros or 4% of annual worldwide turnover for non-compliance, there is a strong business argument for making sure we don’t antagonise customers and prospects. GDPR is coming into play at a time when there is growing concern about the use of consumer data, the infiltration of information technology, serious data breaches happening, and unease about mass surveillance.
On the flip-side, consumers are providing more of their personal data than ever before, however in exchange they want a better customer experience, greater personalisation, and relevant, real-time communications, says Kirk Dobie, Commercial Director at GI Insight.
A new ‘preference society’
We’re living through a fundamental shift in the consumer mindset that we can’t ignore, says Kirk. As a marketing community we’re having to respond quickly to the demands of a new ‘preference society’, where consumers have more rights and businesses are being held accountable for the way they handle personal data.
People, tired of being bombarded with irrelevant marketing materials, want greater say about who communicates with them – about what. Even more so, they want to specify which channels (email, post, SMS, mobile or landline) companies can use to contact them and when.
Businesses are have to be more ‘transparent’. For the first time, organisations need to be blatantly open and clear about how, when and where consumer data is to be used, the data ‘use by date’, and how much personal data they hold – and for what purposes.
GDPR addresses some of these issues. Getting your ‘data-act’ sorted is not purely about being GDPR compliant, it is about being responsible and ethical marketers, whether GDPR is looming or not.
GDPR Seminars for Marketers
GI Insight seminars on GDPR for Marketers cover the realities of managing data, including what you need to do to be GDPR complaint, where your data is located, what is deemed ‘personal data’, the rights people have, what records to keep, what data to record, contracts to put in place, the liability of both data controller and data processor, cross-border transfers, and why your business needs a data protection officer.
The seminar also provides practical advice for marketers, such as getting unambiguous consent, capturing opt-ins, producing customer profiles, managing ‘rights’, ensuring data portability, responding to ‘Subject Access Requests’, and dealing with data breaches.