November 8, 2017

DMA view on GDPR

The Direct Marketing Association (DMA) lives, eats and breathes data. Data drives the direct marketing industry. Because data is also key to the events industry, we may do well to listen to their point of view on the subject.

The DMA has a responsibility to make sure that data used by its membership is used correctly and to professional standards. As part of its role the DMA has produced a series of blogs on the subject, here's our take on their words of wisdom.

Firstly, let's be clear on the current situation regarding GDPR. UK Data Protection Law will align with EU data protection standards, the bill introduced by the UK Government will implement the General Data Protection Regulation (GDPR) in full, according to the Direct Marketing Association. This they stated following an announcement in the Queen's Speech and subsequent announcements. Essentially this means we will be governed by GDPR whatever happens with Brexit.

GDPR digital marketing audit

Because the DMA has been watching GDPR very closely it has identified a key changes as follows:

  • It will become simpler to withdraw consent for the use of personal data.
  • It will allow people to ask for their personal data held by companies to be erased ("right to be forgotten.")
  • Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA.
  • Update and strengthen data protection law to reflect the changing nature and scope of the digital economy.
  • Make it easier and free of charge for individuals to require an organisation to disclose the personal data it holds on them ("data subject access request.")
  • Make it easier for customers to move personal data between service providers ("right to data portability.")

The GDPR contained various derogations, which translates as parts of the regulation that can be varied from country to country. For example, the age of consent for children can be set between ages 13-16.

The DMA has been consulted by the UK Government and supported their decision to set the age of consent for children for personal data processing to 13, this was supported by the DMA.

The DMA also identified that the UK Government intends to introduce a new legal requirement, which is an extension of the right to be forgotten in the GDPR, for social media. There will be a new right to require social media platforms to delete information on children and adults when asked.

The DMA sees this “time of reform” as an opportunity for organisations to embrace the changes and establish business cultures that have privacy at their heart. As with marketing and the rise of permission based marketing, this is another shift towards placing the control into the hands of the individual. The treatment of personal data (it would seem that a data such as a work email that is personal to the individual for example peter@thecompany.co.uk will be treated as personal data for the purposes of GDPR, something that will have a huge impact upon the B2B events industry).

Picking up on these points, DMA Director of External Affairs, Mike Lordan, said: “The Data Protection Bill will put into law much of the substance of the GDPR, which will transform the day-to-day operations of any business that works with data and comes into force in May 2018.

“This new legislation gives consumers more control over their data, which will in turn persuade businesses to act more responsibly.”

“But businesses should not view these new laws as shackles inhibiting innovation, as some do, but as opportunities to better serve customers in new and exciting ways.”

The full bill will be published any day now and that will set the principles by which data can be harvested, stored and used within the UK events industry.

If you have any concerns regarding the Bill then you can contact the Government team via email: dataprotectionbill@culture.gov.uk or the DMA’s External Affairs Manager, Zach Thornton, via email:Zach.Thornton@dma.org.uk

G