What do GDPR, Madonna and Zebras have in common?

I’m good at quizzes, actually very good, unless I’ve had one or two sherbets first, then it all goes out of the window and while I could score high for enthusiasm, the memory banks don’t seem to work as well. The reason, I think, that I’m good at quizzes is because I’m curious, which means I read a lot, as well as the fact that I randomly look things up in Google because someone mentions something interesting, or it simply crosses my mind.

For some reason or another, these facts tend to stick in my mind, and come in useful at dinner parties and quizzes. For instance, did you know today is Madonna’s birthday, and the day that Elvis died? I don’t think they are related (Not Madonna and Elvis, the two incidents, although I’ve not checked their family trees, so who knows?).

Anyway, I can imagine you’re wondering what my quiz prowess has to do with GDPR? Well, curiosity, as well as being what led me to research GDPR in the first place, is also what I feel when some companies in the B2B sector don’t think they need to worry about the regulation, simply because it doesn’t require opt in.

This is not the Zebra bit…

I was flicking through some old files the other day, and I realised I ran my first workshop on the new GDPR rules way back in 2014. This was just after the EU sent out the proposed legislation to the various EU countries for consultation. Optimistically, we (as in the industry, I don’t have a crystal ball, and neither did anyone else apparently) were then predicting that the legislation would come into effect early 2016 and, as you know, it’s actually 2 years later than that.

The regulation has changed a bit due to lobbying from the industry, both here and abroad, for examples the fine scope has dropped from 5% to 4%, and the opt in requirement for B2B contacts has been removed.

The legislation explicitly says that you can do direct marketing, without opt in, based on legitimate interest. This is, luckily, a broad term that can mean that the person has bought from you before, or may have a genuine need for what you’re promoting.

However, GDPR is designed to work with PECR (Personal Electronic Communications Regulation), and that states that consumers have to be opted in before you can email them (Overriding the GDPR statement). PECR, however, does then go on to state that you can email people at their business email address without opt in. Direct mail, for both audiences, does not have the same limitation for opt in.

No Zebras here unfortunately…

I’ve had a number of conversations with B2B organisations that think this gives them a free ticket to not bother changing anything, to which I say “good luck” because this attitude not only misses the ENTIRE point, but overlooks other key elements of the legislation.

Quite apart from the best practice angle of marketing only to those people that are interested (which is not rocket science), the EU and the ICO are taking the attitude that people should not be spammed, have a certain right to privacy, and to decide what they do and don’t receive.

If you’re not going to bother cleaning your data, or applying best practice to your marketing workflows (and I’d be curious as to the reasons why you’re not doing that), then at the very least you should be:

  • Making sure that you’re telling people clearly (i.e. not hidden away in your website t’s and c’s) how you will use their data, how long you’ll keep it for, and how they can access it. (Regulation relevance: Clear and informed consent).
  • Regularly reaching out to your audience to update their consent
  • Giving your audience opportunities to “clean” the data you hold on them
  • Optimising all the channels you use to collect data to pro-actively manage consent
  • Making your opt out a single click process

Oh, and if you target sole traders, watch out, as the regulation classifies them as consumer, not business. You should also know that if you run web profiling tools, you’ve also got an obligation around consent, even if you’re a B2B business. Depending on the size of your business you’ll need a Data Protection Officer (DPO), and if you’re not registered with the ICO, then I suggest you do so now.

You’re almost at the Zebra…

Anyway, there’s enough GDPR content out there to sink several ships, and I’m aware that I’ve just added to the pile, but at least maybe you learnt one or two bits of trivia, even if you’re not interested in GDPR compliance. If you are interested, then congratulations!!!

Oh, and the Zebra? Did you know they can run up to 64KM/h? Crazy fast.

About the Author

Charlotte Graham-Cumming

Director, Ice Blue Sky Ltd

Leave a Reply

Your email address will not be published. Required fields are marked *