With just a few weeks to go until the EU General Data Protection Regulation (GDPR) takes effect across the UK and Europe, it’s vital that businesses prepare for the necessary changes in data collection. Any organisation which collects personal data needs to abide by the new legislation which officially comes into effect on 25th May 2018.
The European legislation is designed to tighten the current laws around data collection and protection, and hefty fines await businesses which don’t comply or are unaware of the changes in the law. Data collection is about to become more difficult, and consequences for organisations which suffer a data breach will be much more ruthless. With many sectors and business departments which depend on customer data for business operations, it’s vital that companies of all sizes are prepared for the upcoming changes.
What is GDPR?
Fundamentally, the GDPR states how client data can be initially collected, stored, used and shared. There is a huge emphasis on consent to store personal sensitive data such as names, addresses, bank details, photographs, email addresses and telephone numbers. Data which is shared between companies needs specific consent from the client to be shared with third parties, which could be difficult to obtain.
The main principles of GDPR are:
- Informed consent
- The client’s right to withdraw consent at any time
- Establishing a clear purpose for keeping sensitive data, or responsibly destroying it
- Secure storage of all data
- Reporting data breaches and data theft within 72 hours, and having an adequate response plan in place
To find out more about the new regulation and to download useful resources to ensure your business is compliant, visit the Information Commissioner’s Office Guide to the GDPR.
Why is the current data protection law changing?
Essentially, the GDPR is being introduced to give individuals more rights over what data can be stored and kept about them by multiple organisations. The UK’s current Data Protection Act dates back to 1998, so it did need updating – and having an EU-wide regulation will enable information to flow freely across the continent and ensure consistency for businesses.
The GDPR is a law rather than a Directive, which means any person or company which doesn’t comply with the regulation can be punished. As more and more sensitive data is collected and stored by organisations as standard (including social media platforms, GP records, mobile phone contracts, banks, retail stores, schools and colleges – the list goes on) it is imperative that data is collected and stored fairly and securely. Cybercrime around the world is on the increase, and therefore organisations need to be more vigilant than ever when it comes to data security.
What about Brexit?
Because the regulation is being enforced by the European Union, questions have been raised about the GDPR post-Brexit. It is crucial that you do not simply ignore the new law because you presume it won’t apply following the UK’s exit from the EU in 2019.
Brexit will have little impact on the GDPR, as it doesn’t just affect nations included in the EU. GDPR applies to all companies, even non-EU companies, which hold data about EU citizens. It’s also highly likely that the UK government will vote to transfer the GDPR into UK law after it departs from the EU – so there’s no getting away from the new data protection rules.
The impact of GDPR on telemarketing and sales
Many businesses rely on customer data to survive and make sales – so the new stringent rules introduced within GDPR could be problematic for those in the industry of sales and marketing. However, as long as you fully understand the legislation and how to remain compliant, you should be able to adapt your practices.
Who you can market to, and how, is all about to change. Processes will definitely have to be overhauled; however with good strategic planning telemarketing companies can safeguard themselves for the future with rigorous data protection.
Cold calling individuals, whether they have consented to the call or not, is difficult – but it’s about to get a lot harder. All the existing data you already have – such as telephone numbers, names and addresses – will have to be reviewed. In order to be GDPR compliant, all organisations will need to hold specific consent for the data they hold and the purpose they have for keeping it. This means you will have to contact your entire database and ask for consent to stay in touch and keep telephone numbers on file.
GDPR actually presents an opportunity to the telemarketing industry, to trim and streamline telephone lists to remove cold leads and individuals who do not want to be contacted. This can save callers precious time, and a narrower more targeted pool of contacts is always better than a larger, general database.
As for generating leads in the future, you’ll have to get creative. B2B marketing won’t be affected too much, because if you’re calling the central company phone number this information will already be available to the general public. However, if you have contacts within a company – for example the person with buying power – you’ll need to gain their permission to keep their contact details on file.
Our approach to telemarketing is first and foremost focussed on compliance – so you can rest assured your marketing campaigns will fall in line with GDPR best practice. Contact us for more information.