At incite towers we’ve had our beady eyes on a piece of Europe wide legislation that has been in the pipeline for many years – The General Data Protection Regulation.
We’ve usually got better things to do than to keep an eye on the European Parliament for half a decade, like winning business for our clients, but this one was important.
While there was a little bit of uncertainty until recently about how the UK will interpret this law, particularly with the decision to leave the EU, we now know that due to the likely timing of triggering Article 50 the GDPR will be law in the UK come May 2018.
The ICO have also now confirmed this.
There’s a whole raft of things in this legislation around cyber security and privacy, but the main reason we’ve been so interested in it is it changes the definition of business data and of course data is a vital component of new business prospecting.
Let me explain.
Up until now, providing you were marketing business-to-business you could hold data on and contact people in other businesses via email, post or phone – providing of course you didn’t contact people on the TPS and gave people the opportunity to opt out of email. This is all with the caveat you weren’t targeting individuals with a message only relevant to them as an individual e.g. selling a family holiday to Janet in HR is not allowed but selling her business travel for her team would be OK.
See this document from the ICO if you are interested in finding out more.
This is also a useful overview of the difference between b2b and b2c legislation.
However, the GDPR turns this legislation on its head.
The data of individuals at work is now treated as personal data so you will not, without consent, be able to hold their data in a database. Email will also be only allowed with a clear and unambiguous opt-in.
Anyone caught breaking these rules is liable for a whopper of a fine.
Serious breaches could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater. For lesser breaches the authorities could impose fines on companies of up to €10m or 2% of global annual turnover, whichever is greater. This would put all but the biggest agencies out of business in a flash
Just to make it really clear how much this legislation will change new business – your typical agency new businesses manager will have to, come May 25 2018, delete anyone from their prospect database unless they have clear unambiguous and provable permission from that individual to hold it on record. They will not be able to email an intro through to a marketer or marketing decision maker who hasn’t given their permission and unless your warm database has clear permission to email, you’ll have to delete that too.
A new business manager or director will be able to hold company information on a database, provided it does not identify an individual – so job title, switchboard numbers, url and generic email like [email protected] or [email protected] are fine but name or named email or any data that identifies them as a living person isn’t.
I can’t imagine what success rates of email, DM and cold calls would be if they started with FAO Global Marketing Director, Diageo Plc… Can you?
The clock is ticking. Agencies will quickly be divided into those that prepared for GDPR, invested in inbound marketing and used the 18 month window of current OPT OUT business data regulations to generate a quality OPT IN GDPR database and those that didn’t.
Read our next blog on the opportunity that GDPR creates for agencies that prepare and invest now. Or download our comprehensive programme on implementing an inbound strategy.
Next Part II what can you do to prepare.