Many businesses could face hefty fines next year if they do not familiarise themselves with the new General Data Protection Regulation (GDPR) legislation which will come in to effect on 25 May 2018. Replacing the outgoing Data Protection Act of 1998, the new rules are meant to enhance data protection legislation, and to help tackle rogue trading and put a stop to nuisance calls.

As a result, the goal is to essentially help improve the protection of individuals – particularly in relation to the processing and use of personal data, handing individuals more control in the process.

So, what is meant by personal data exactly? The understanding of what it includes is essential if you wish to avoid action being taken against your organisation. According to the EU, personal data is “any information relating to an identified or identifiable person”. This would include full name, job title, work email address, direct line etc. In summary, any sort of data whether in relation to an individual or business could therefore be personal if the owner becomes identifiable. Consequently, this will have a major impact on an organisation’s marketing and sales initiatives, and thus, not complying could have significant repercussions for a company.

Therefore, a thorough understanding of the new legislation will be of paramount importance if you want to avoid a substantial fine. An unerring statement in relation to the GDPR legislation has warned that uncooperating organisations will almost certainly be punished. Individuals would also be in a position to bring about their own lawsuits and make compensation claims in the event of a data breach. There is no doubt that because of the legislation change, and the powers afforded to the individual relating to personal data privacy, many organisations face a real possibility of being accused of breaking the law.

The new EU Data regulation also makes no distinction between B2B and B2C in relation to data restriction. The impact of this however will almost certainly affect online marketing methods such as who you can target in email campaigns and direct mail, as well as some social media interactions. Personal data can only be held with explicit consent from the recipient – resulting in direct marketing essentially going from an opt-out rule to an opt-in one, completely altering the way businesses conduct their marketing and sales strategies.

Considered to be the most important change in data privacy in the last 20 years, the legislation is to take into account the changing ways organisations collect information about individuals and the types of personal data available. This will also impact on the marketing department because the biggest change will be the new opt-in permission rules for consumers. This means that all current data held by an organisation is going to require auditing against new standards and if it doesn’t comply, it will need to go through a process that will gain additional consumer consent. It also enables the consumer to have more power in relation to what data is being used about them. They are entitled to ask what, where and how the data is being utilised. Should the consumer wish to do so, they also have the right to be forgotten, meaning that an organisation must comply if an individual requests you to erase their personal data from the system. Additionally, any third party using that data must also comply.

Although this may seem overwhelming at first, there is still plenty of time to familiarise yourself with the new legislation. It is equally important that not only senior management are fully aware of the new rules, but staff members as well so they are able to operate in their jobs confidently and with knowledge they are not being unethical or most importantly, breaking any laws.

The issue with this for many businesses is that although there are clear benefits this legislation will bring in relation to B2C, the implications on B2B are not so transparent, and will certainly impose additional costs in to an already tough market. Additionally, it is not so clear cut in how this legislation will affect B2B – but what is certain is that anyone involved with direct marketing or any type of data must prepare for the inevitable changes which will take place next year.

It is highly advisable to gain a full understanding as to how the General Data Protection Regulation legislation will affect your company. Equally as important, is the necessity to assign an individual within your company the role and responsibility of ensuring all the criteria are being met and that the highest standards are being upheld. Only then, can you ensure that your organisation is fully up-to-date and compliant with current business law practice.

Ahmed Ali

Marketing & Practice Development Executive 

All contents Copyright © PCR (London) LLP unless otherwise noted. None of the elements on this website may be reused without permission.