GDPR: WHY IS EVERYONE TALKING ABOUT IT?
Since 25th May 2018 the ‘General Data Protection Regulation’ (GDPR) has been in force, which means the same rules for all EU countries. This was created in response to modern data procedures, especially with regards to the biggest technology firms & digital giants, data breaches, email usage etc. and to bring about a unified data protection policy to all of Europe. GDPR is primarily to improve the data protection rights of EU subjects, and to clarify what safeguards are needed in this new digital age.
NO MORE COLD CALLING OR EMAILING?
You may have heard rumours that under the GDPR it will be impossible to cold-call or send emails to people without their prior consent. This is because article 6.1(a) of the GDPR stipulates that we must have the consent of the subject to process his personal data, namely “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”.
Article 6.1(f) LEGITIMATE INTEREST & THE BALANCING TEST
So, how can we still cold-call and send direct marketing emails under the new regulation if consent is required? Surely this means that direct marketing is dead!
Very importantly, there are exceptions, and with regards to direct marketing, we will operate under that of legitimate interest as laid out in Article 6.1 (f):
“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data”
WHAT IS DEVEO’S & OUR CLIENTS’ LEGITIMATE INTEREST?
Deveo has the right to conduct business under EU law. As a direct marketing agency, our main activity is setting-up teleconferences/meetings between our clients and their prospects. Similarly, our clients have the right to sell their products and services, and market them.
Recital 47 on the GDPR stipulates that direct marketing can be a legitimate interest. In December 2017, parts of the forthcoming GDPR were clarified by the EU, and it was confirmed that “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”
RIGHTS & FREEDOMS OF INDIVIDUALS?
What about the rights and freedoms of the individuals that the GDPR is seeking to protect?
We must also take these into account, so for Deveo this means the people we are trying to contact to arrange meetings or teleconferences with for our clients. As well as direct legal impacts from using their data, the emotional impact must also be considered. Relevant for us, the GDPR gives these people the legal right to be forgotten, and the right to access the information we hold on them, and change any incorrect information. We inform people of their rights & respect their decisions under every aspect of the GDPR.
So now we can see that both Deveo has right to run a direct marketing agency, and people have rights and freedoms regarding the usage of their data. So how can we know whose rights are greater? Under EU law, we apply a ‘balancing test’ as laid out in the opinion from the Data Protection Working Party to assess the impact that Deveo’s actions will have on the individual, and here at Deveo we have applied this test to every type of campaign we run.
Deveo has very clear policies regarding our calling and emailing practices, and will always call and email in a professional and courteous manner.
DEVEO’S BEST PRACTICES
• Contact people in office hours – we have a note of the time-zone for each contact in our CRM to help with this, and the reception opening hours where known
• Contact people an appropriate number of times – the norm is once per day for an interesting prospect
• Contact people that have a relevant job title matching our clients target audience
• Send emails to a small, exclusive, carefully selected segment of our database (only a few hundred contacts)
• Send a reasonable number of marketing emails per campaign (normally 3 per 4-week campaign)
• Send emails only to people’s work address
• Respect people’s rights to opt-out of current and all future marketing campaigns for a client
• Only hold the minimum information needed to establish a business relationship (mainly the contact’s work email, phone number & LinkedIn URL)
• For our own marketing campaigns, we only contact people who could benefit from our services, and we apply the same principles as detailed in this section
DEVEO DOES NOT…
• Contact people out of their office hours
• Contact people repeatedly by telephone over a short space of time
• Contact people whose job title is not relevant to the product or solution offered by our client
• Send a ‘blanket’ email regarding your solution to a massive population (tens of thousands of contacts)
• ‘Spam’ people with repeated emails on the same topic over a short space of time
• Use people’s personal (Gmail, Yahoo etc) email addresses for business
• Send emails to people who have opted out of our client’s brand
• Hold information not relevant to a business relationship, e.g. Date of birth, marital status, religion or political views etc.
DATA PROTECTION BY DEFAULT & DESIGN
At Deveo, we take data protection seriously, and do this by default and design. We have implemented technical and organisational measures to show that we have considered data protection in all of our processing activities. Such measures include, but are not limited to:
• ‘Right to be forgotten’ – we will erase all personal details except the email address which will be retained for our suppression lists
• Holding client & contact data on a secure server (HTTPS)
• Will provide details of any data we hold to comply with the ‘Right of access to data’
• The ‘Balancing Test’ has been applied to each type of data processing activity, and we respect the rights of the individuals that we will be contacting
• We have appointed a Data Protection Officer to inform & advise our staff of their obligations & provide training, monitor compliance, provide advice & cooperate with the supervisory authorities
• We run regular security audits with an outside agency to ensure that we are taking all possible steps to keep our data secure
WE TAKE FULL RESPONSIBILITY FOR THE WAY IN WHICH WE USE OUR DATA FOR YOUR CAMPAIGN. For more information, please contact us