A new law called the General Data Protection Regulation (GDPR) came in to force on the 25th May 2018. This new law has been designed to tighten up our existing data protection laws and will have far reaching consequences for any organisation that holds any data that can identify an individual or individuals. If you hold any such data, whether it exists on a spreadsheet, a database, a CRM system or even on paper the new law will affect you! The existing Data Protection Act already requires companies working in the B2C arena to handle data with proper regard for data subjects (the individuals whom the data records identify). The new GDPR regulations are simply a tougher set of rules that will take data protection and privacy to a higher level.
Many marketing individuals are starting to appreciate that GDPR will affect how new business is generated. Target Response have carefully digested the impact that GDPR will have and what it will mean to our clients who wish to find new customers using effective direct marketing methods whilst also complying with GDPR. We have been looking at the likely effect of the new legislation prompting us to re-engineer how we telephonically verify our databases and the processes that we use to ensure compliance within the new legal framework. The good news is that you can still use direct marketing to generate new business, and you can continue to use third party data, such as one of Target Response’s lists.
A common misunderstanding of the new regulation is that you have to have the data subject’s consent in order to process their data. While consent is indeed one of the six lawful bases for processing personal data it often will not be the most suitable. Because the Information Commissioner’s Office (the UK’s body responsible for upholding information rights and data privacy) take the view that for consent to be valid, the data subject must know who they are giving consent to at the time that their contact details are collected. Consent therefore will almost never be valid if you use externally sourced lists as it cannot be transferred.
Target Response has studied the Regulation (EU) 2016/679 of The European Parliament and of The Council dated the 27 April 2016 and on page 9 under item (47) it clearly states that “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. We therefore understand that the ONLY legal basis for using third party data under the current guidance will be 'Legitimate Interest' which is also one of the six conditions identified as a legal basis for processing data.
Our data subjects are researched telephonically by our in-house data research team and we explain that Target Response will be providing their contact details to our preferred suppliers for direct marketing purposes. The data subject will therefore be absolutely clear about how their data will be used and for what purpose. We will then conduct our own due diligence so that we are confident that the product or service offered by our clients is relevant to the data subject; the data subject may not wish to buy the product or service but they should at least understand why they were offered it!
All of our telephone calls are recorded and during the conversation we ask for the data subject's specific wishes with regards to their preferences for receiving marketing communications via email, telephone, post or even none at all. It has become apparent to us that most people are prepared to receive something; we are currently finding that approximately 90% of our contacts are happy to receive marketing information by email and post while approximately 70% of our contacts are also happy to receive telephone calls.
If at any time an individual no longer wishes to be contacted they are immediately deleted from our database and placed on a suppression list which we maintain and update. Should a data subject wish to change their contact preferences we will then inform our clients of their wishes. This is a requirement of GDPR and will ensure that you are legally compliant as well as having an accurate list excluding any contacts that are likely to be resistant to direct marketing.
Our approach means that if your business needs to target new business you will still be able to execute effective, safe and compliant direct marketing using Target Response’s data lists.