The big subject in direct marketing is the General Data Protection Regulation or GDPR. The impact of its arrival is very significant for business generally, but especially for marketers. Worryingly,…
Taking the lead on GDPR
The big subject in direct marketing is the General Data Protection Regulation or GDPR. The impact of its arrival is very significant for business generally, but especially for marketers. Worryingly, the least well prepared are those in the B2B world. This isn’t because they are simply unprepared, it’s because they have most that is changing.
The existing Data Protection Act already requires companies working in the B2C space to handle data with proper regard for the data subject anyway – the new GDPR rules are therefore simply a tougher set of rules to take data protection and privacy to a higher level. Until now however B2B has always been allowed some leeway because in the eyes of the law the data wasn’t considered personal if it related to somebody at their workplace – they were officers of a separate legal entity rather than private individuals.
GDPR doesn’t leave much room for interpretation, and certainly there is no provision for B2B to be treated any differently than B2C.
So if you are a B2B marketer or sales decision maker, from a standing start, you will need to get to the Data Protection Act standards and then beyond to GDPR standards and build data protection considerations into your systems and processes. Our key message to you is that if you aren’t yet considering how GDPR will affect you, you should be.
Companies can still do marketing based on the existing requirements of the Data Protection Act until 24th May 2018. Whilst we would encourage all companies to get everything in place as soon as possible, it is undoubtedly the case that some companies will need time to implement everything. To help companies transition as smoothly as possible, Corpdata are now introducing 2 new licence durations – a 6 month licence, and a 9 month licence with prices evenly spaced between a single campaign fee and a 12 month licence. Hopefully this will allow companies still working in line with the “old” rules to pick the right time to move across to a GDPR style of operating and indeed GDPR compliant data for them.
Some of the principles of GDPR that have an impact on B2B direct marketing are:
lawfulness, fairness and transparency
Surrounding all of this is the concept of ‘data protection by design and by default’, and the requirement to ‘demonstrate compliance’ with the law.
Lawfulness, fairness and transparency Corpdata has a commercial need to process personal data, this data relates to people who are decision makers in organisations. To respect both the letter and the spirit of the law, Corpdata changed its method of updating data over 12 months ago so that when we are contacting people as well as making sure the data is up-to-date we are asking for their specific wishes with regard to ‘professionally relevant direct marketing communications’.
We have been explaining to data subjects that Corpdata hold data to provide it to other organisations for direct marketing purposes so the data subject is absolutely clear about how their data will be used, and for what purpose. We also record the specific wishes of the data subject concerning the preferred media for communications, post, telephone and email, or, of course, none.
In the future, when arranging to supply data to a client, Corpdata will need to feel confident that the product or service is relevant to the data subject – they may not want to buy it, but they should at least understand why they were offered it. With that in mind the licence granted is going to be more specific about what product/service is able to be promoted.
Storage limitation and Accuracy Storage limitation means personal information should be stored for as long as it’s needed, and not longer.
This causes Corpdata some challenges since our most popular license terms for data is 12 month multiple use, but it doesn’t really make sense that 12 months should be a suitable time to hold data for most people.
So whilst we will continue to offer data to people under the terms of the Data Protection Act in the short term, once a client wishes to step up to GDPR we will no longer provide data on a 12 Month License (or even the new 6 or 9 month versions), nor will we offer an Eternal Use License. We have thought long and hard about this and we consider that offering business lists on this basis would be too ‘blunt’ and ‘non-specific’ and so probably would be inappropriate in the eyes of GDPR at a fundamental “letter-of-the-law” level.
GDPR expects personal data to be treated with care and consideration, and not to be blasé about it – it must be planned and thought through and managed with appropriate care and control. Our existing licences, and those of our competitors who offer similar terms, simply don’t seem to live up to the spirit of the new rules and we don’t feel it is right to knowingly expose our customers to the risk of falling foul of GDPR. Instead, we will be offering data on three license types in future, Single Use License, Single Campaign Use License and Rolling License.
Single Use is what it says, data users may use the data just once, then must delete it. Single Campaign Use means data users may use the data during a two month period for an approach plus follow-up, after that it must be deleted. Both of these licenses address the requirements of GDPR for storage limitation.
To address the needs of some data users with longer buying cycles, we need to introduce the Rolling License. Since this data will be used for protracted periods of time, it now becomes, in the phrasing of GDPR, ‘necessary’ to keep the data up to date. This means all the data, the contact details, but also their contact preferences.
Corpdata’s Rolling License will enable sophisticated users to hold Corpdata data for as long as is needed, whilst still ensuring they can comply with GDPR. Changes to the data will be passed on to data users frequently, and this not only ensures you can comply with GDPR but obviously the more accurate and up to date your list the better your marketing results too.
Call (01626 777400) to talk to a Data Consultant about how we can help you continue to use Data to make your business successful whilst fully meeting the requirements of the new GDPR legislation.
Other GDPR services we offer you
Many organisations are just starting to become aware of GDPR. It has implications far beyond Direct Marketing.
Since our core business has traditionally been Direct Marketing data, we got involved in GDPR very early on. We have invested considerable time and effort into understanding the implications of this new legislation for our customers, but also business more generally.
We have a Compliance Team of Certified GDPR Practitioners. The team are familiar with consulting on data usage throughout client organisations, from HR to Marketing or Finance. We provide solutions to help you identify the ongoing risks that your processes or data present. We work with you to prioritise your risk treatments so that you can minimise threats, and any potential impact to your organisation. Here are two examples of services.
Data Supplier Compliance GDPR requires you are able to demonstrate you are 'in no way responsible' if you are to avoid liability. This means you will need to be able to show a more thorough understanding of your suppliers and their processes. The Corpdata Compliance team are able to help you create and perform your due diligence checks for suppliers, especially where data transfers are concerned, enabling you to demonstrate your attention to the requirements.
Data Breach Detection The new legislation makes it a requirement to report data breaches when you find them, but it also says you must make 'all appropriate technological protection and organisational measures' to 'establish immediately whether a personal data breach has taken place'. Our compliance experts can help you understand the data you hold and can help you consider how you might detect data breaches. In addition, we offer a service to customers that can help you detect breaches of your data. With our help you will be able to document and evidence that you have taken reasonable steps to detect any data breaches.
Consultancy Driven by Your Business Results Our experienced and certified Compliance Consultants have significant experience of direct marketing and business generally. They will help you find workable solutions to suit your business needs.
Free initial GDPR compliance consultation If you want a free initial telephone consultation about GDPR and how it will affect you and your organisation, call us now on 01626 777400 and one of our compliance consultants will be very happy to talk with you.
25 years of telephone research – A BIG phone bill!
Corpdata is twenty five years old this year. Our primary objective hasn’t changed one bit; the provision of direct marketing information which helps clients generate an optimal return on their marketing spend.
Our in house research function is trained and resourced to be able to make sure that the data we supply is accurate, up to date and detailed, and with the GDPR safe to use.
Using telephone interviews to verify the business lists we supply isn’t cheap; salaries to pay and people need training and managing and somewhere to sit and work! BUT we always find that “from the horse’s mouth” accuracy of contact and company names, phone numbers and email addresses time and again prove the most reliable way of supplying information which works better than cheaply generated alternatives. When we phone and ask who is responsible for … , or who in in charge of … we get the contacts that our clients really want to connect to, and with GDPR just around the corner we can also confirm their preferences toward marketing communications.
Our research team researches and refreshes a range of industry sectors and can be asking for anything from a company’s list of senior decision makers and contact details to what technologies are being used and how much their quarterly spend is for various bills. More recently we have been working hard to get ready for GDPR and not only producing accurate business lists but lists which are safe to use after May 2018.
We just couldn’t handle this workload without investing in ongoing training ensuring that everyone working in our research call centre knows what they have to do. It can typically take up to six months from joining to be fully trained in all the areas of research. New joiners first three months is particularly scrutinized, each call being quality checked ensuring that they not only do it right but that they do it our way and consistently.
On an ongoing basis we randomly check calls every month; helping us maintain our 'must get things right' culture and a key factor in the reputation we continue to hold. Our two for one guarantee on gone-away contacts is rarely used. There just aren’t many!