How will the UK’s data privacy reforms impact marketing?
Partner content
At last year’s Jicmail conference, hosted by PwC, a session covering the outlook for data protection with Chris Combemale, CEO of the DMA and chair of the DPDI Business Advisory Group, and Catherine Dunkerley, director for data trust atc PwC, drew much interest.
Important legal changes are coming soon. Combemale outlines why the government’s proposed reforms will benefit businesses and their customers.
The UK’s data protection landscape is set to receive significant revisions, which the government hopes will both unlock £4.7bn in savings for the UK economy over the next 10 years and help supercharge investment and growth across the digital economy.
The Data Protection and Digital Information (DPDI) bill, which has just concluded its journey through the House of Commons, will make a series of reforms to UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations to achieve this.
As chair of the DPDI’s Business Advisory Group, I had the privilege of leading the feedback of industry to government, representing organisations both large and small, on key challenges that were impacting them and their marketers.
This co-ordinated industry front helped us secure important reforms that will provide businesses with additional pro-growth opportunities and legislative clarity, while simplifying onerous administrative burdens on small businesses. But, crucially, it will maintain the UK’s high standards of protection for consumers and ensure we retain our adequacy status with the EU.
Understanding business perspectives
To highlight the views of SME leaders and the public on the future of data protection, the Data & Marketing Association (DMA), the UK’s data-driven marketing trade body, recently published the Data Horizons: How UK SMEs and Consumers View the Future of Privacy Regulation report.
It revealed that two-thirds (66%) of SMEs are supportive of the government introducing updated and modernised data privacy regulation to address the challenges of GDPR.
Many businesses admitted to facing inherent challenges when it comes to processing personal customer data. Nearly half of SMEs (43%) say their businesses’ marketing operations have been stunted by GDPR and nearly a third (31%) claim GDPR has caused them to get rid of a lot of their customer database.
These views mirror our industry leaders’ feedback over recent years, so the DMA was able to champion the best interests of both businesses and their customers throughout DPDI’s development. Many of our recommendations were adopted in the below revisions.
Clarifying legitimate interests is key for business
Our research also found that three-quarters of SMEs (75%) want data protection regulations that easily enable them to prospect for new business. A similar percentage (76%) want regulations that make it easier to talk to their current customers.
One of the most significant reforms is the greater certainty on legitimate interests — this will encourage more businesses to use it as a lawful basis for data processing where appropriate.
When GDPR was implemented, many businesses did not have confidence that they could rely on legitimate interests as a lawful basis for processing data for marketing, thereby reducing opportunities to attract new customers and to know their existing customers better.
Attracting and retaining customers and donors (through direct marketing) is now clearly identified as a legitimate interest, but customers retain an overriding right to object to marketing should they not wish to do business with a specific organisation.
Important reforms for marketers
Nearly half (48%) of SMEs express concern that GDPR introduced unnecessary bureaucracy to businesses, while over a third (37%) say it does not work for small businesses.
DPDI will reduce the amount of paperwork that organisations need to complete to demonstrate compliance in several areas — something that will be especially beneficial to smaller organisations.
Critically, if a business’ data processing is not deemed as “high risk” to individuals, it will now be exempt from record-keeping obligations, as well as the need to have a data protection officer and to conduct risk assessments. For most small businesses, which only use small amounts of personal data, this will come as a huge relief, helping them to concentrate their limited resource on other essential tasks.
There is an expanded range of exemptions to consent for cookies — something that will reduce consent banners, especially for ecommerce and charity websites that do not take advertising. Exemptions include collecting statistical information, enabling the way a website appears or functions and for necessary security updates.
This will improve the customer experience by reducing the number of consent banners while also reducing unnecessary red tape for legitimate website functionality. This will benefit online users and the businesses trying to understand them better.
There is also an extension of the soft opt-in for email to non-commercial organisations, enabling charities to communicate with existing donors and volunteers — affording these organisations the same opportunities as businesses for email marketing.
Additional consumer protections
For many years, the DMA has fought a campaign against rogue cold callers, working closely with the Information Commissioner’s Office.
The Telephone Preference Service, which we created many years ago, is the UK’s only official “do not call” register for landlines and mobile numbers. It allows people and businesses to opt out of unsolicited live sales and marketing calls, with businesses legally obliged to screen against this database — a vital consumer protection against rogue organisations.
Therefore, the increase in fines for rogue cold calling to match the fines in GDPR of £17.5m, or 4% of global turnover, is a strong addition. This will further protect people by driving rogues out of business.
Implementing common-sense reforms
These are several key areas in which the new legislation provides pragmatic, sensible change that will encourage innovation while preserving a high level of consumer protection.
In the realm of marketing, these reforms will help marketers better engage with new and existing customers, while maintaining their current privacy protections, such as their right to object to marketing at any time.
We are confident that the bill should act as a catalyst for growth, while maintaining the trust of the public in the regulatory landscape — an essential dynamic that will further build the UK’s status as a leading global tech hub.
Chris Combemale is chief executive of the Data & Marketing Association, chair of the Data Protection and Digital Information Business Advisory Group and chair of Jicmail