Here’s an update on GDPR – what is it and what are the rules?
While many of my followers are marketing professionals (and I definitely don’t want to teach you how to suck eggs) sometimes it does no harm to get a tea break refresher. So, here it is, straight from the mouth of a direct marketing specialist. You may need a biscuit with that cup of tea…
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
GDPR applies to companies marketing in the UK, even if they are not based in the EU. This is because the UK has adopted GDPR into its own law, the Data Protection Act 2018.
GDPR has a number of rules that companies must follow when marketing to individuals in the UK. These rules include:
Obtaining consent
Companies must obtain consent from individuals before they can send them marketing messages. Consent must be freely given, specific, informed, and unambiguous.
Providing information
Companies must provide individuals with clear information about how their data will be used for marketing purposes. This information must be provided at the time the data is collected.
Giving individuals the right to opt out
Individuals must have the right to opt out of marketing messages at any time. Companies must make it easy for individuals to opt out.
Keeping data secure
Companies must keep personal data secure and protect it from unauthorized access, use, disclosure, alteration, or destruction.
Companies that fail to comply with GDPR can face fines of up to €20 million or 4% of global annual turnover, whichever is greater.
Here are some additional things to keep in mind when marketing in the UK under GDPR:
- You must be transparent about how you collect and use personal data. This includes providing clear and concise information about your privacy practices, such as how you collect, use, and share personal data, and the rights of individuals.
- You must obtain consent from individuals before you can send them marketing messages. Consent must be freely given, specific, informed, and unambiguous.
- You must give individuals the right to access their personal data and to have it corrected or deleted. You must also give individuals the right to object to the processing of their personal data for marketing purposes.
- You must keep personal data secure and protect it from unauthorized access, use, disclosure, alteration, or destruction.
- If you are a company marketing in the UK, it is important to understand GDPR rules and how they apply to your business. By complying with GDPR, you can protect the personal data of individuals and avoid fines and other penalties.
About 8848
8848 is an award-winning full-service agency. We’re based in the Midlands but our clients are based across the UK and further afield. Alongside direct marketing, our services include creative design, photography, PR, social media management and event management.
We work with clients of all sizes to help them achieve their sales goals through PR, social media, and marketing. We’re unique as one of our specialisms is an in-house business-to-business contact centre.
About the author of this blog
Charlotte Bennett is a director at 8848. In her third decade of marketing, she is a strategic thinker who helps businesses make better communications decisions to support their growth. She has worked with some of the world’s biggest brands. In addition, she has also helped develop amazing businesses that will be the names to watch in the future.