SlideShare una empresa de Scribd logo
1 de 26
Descargar para leer sin conexión
DataAn introduction to data
protection 2013

protection

Thursday 308January 2014, DMA House
Friday February
#dmadata

Supported by
Agenda
9.00am

Registration and breakfast

9.30am

Why is data protection important?

9.40am

Understanding the law
The Data Protection Act 1998
Key terms
8 Principles

10.40am

Break

11.00am

Understanding the law
The Privacy and Electronic Communications Regulation 2003
Key rules
Key points

11.30am

Practical tips for marketers

12.00am

Summary and questions

12.30am

Close
Why is it important?
•
•
•
•

It helps us to protect information about ourselves and others
It helps us avoid damage to the reputation of our organisation
It makes good business sense – it can increase efficiency and
effectiveness
It helps us avoid enforcement action by the Information
Commissioner
– both employers and employees can be prosecuted
– companies can face a monetary penalty of up to £500,000 for
major breaches
Understanding the law 1
•

Data Protection Act 1998 (DPA)
– Came into force 1 March 2000
– Replaced 1984 Act
– Covers doing anything with data
– Applies electronic records and some manual records
Key Terms
•

•

Personal data
– any data that can be used to identify a living individual
– Examples of personal data can include:
• Name and address
• Email address (even business email addresses if they are non
generic)
• Name and telephone number
• Photographs
– Only personal data is protected by the DPA
Sensitive personal data
– any data relating to:
• Health
• Race or ethnic origin
• Political opinions
• Religious beliefs
• Trade union membership
• Sex life
• Criminal proceedings or convictions
Key terms
•

Processing
– obtaining, recording or holding information or carrying out any
operation on the information including
• Organising
• Adapting
• Retrieving
• Disclosing
• Blocking
• Destroying

•

Data subject
– a living identifiable individual to whom the personal data
relates
Key Terms
•

Data controller
- Determines how data will be used
- Usually owns or rents the data (may be done by 3 rd
party on their behalf)
- Required to notify (register) as a controller with the ICO
- May be fined by ICO if any data breaches arise

•

Data processor
- Processes data on behalf of controller or other
processor
- Processing can be anything from data storage to
advanced data manipulation and modelling
- Includes companies that manage / broker / collect data
on behalf of others
The 8 Principles
•
•
•
•
•
•
•

Fairly and lawfully collected
Processed for specified and limited purposes
Adequate, relevant and not excessive
Accurate and kept up to date
Not kept for longer than necessary
Processed in accordance with Individuals’ rights
Security – appropriate technical and organisational
measures
• Not transferred outside the European Economic Area (EEA)
unless adequate protections are in place
• (EEA: The 28 member states of the EU, plus Iceland,
Liechtenstein and Norway)
Principle 1: Fairly and lawfully
collected
•

Fair processing information provided

•

Organisation’s identity given

•

Purpose of collection made clear

•

Further information necessary

•

Correct permissions obtained
- Implied consent: opt-out mechanism provided
- Express consent: opt-in mechanism provided

•

Sensitive personal data only captured if strictly necessary
Principle 2: Processed for limited
purposes
• Only process data for the purpose(s) you told the individual
• Make the purpose(s) clear at the point of data collection
• Change of circumstances – what happens to the data then?
• Subsequent use of data for direct marketing purposes
• Data cleansing – regular and ad hoc
Principle 3: Adequate, relevant
and not excessive
•

Minimum amount of information required

•

Additional information for specific individuals

•

Collect data that you will use now

•

Collection of data that ‘may be useful’ in the future is not permitted
Principle 4: Accurate and kept up
to date
•

Take reasonable steps to ensure accuracy (but what is
‘reasonable’?)

•

Ensure data is not incorrect or misleading

•

Undertake regular data cleansing

•

Clean data against the relevant preference service files and other
appropriate cleansing files
Principle 5: Not kept for longer
than necessary
• Keep for as long as purpose collected for
• Suppression lists
Principle 6: Processed in
accordance with the rights of data
subjects
•

Subject access requests

•

‘Where did you get my data from?’

•

Right to prevent direct marketing

•

Customer service / legally required communications – no opt-out
provision required

•

Right to have inaccurate data corrected
Principle 7: Technological and
organisational security
•

Data security must be appropriate – take account of:
– Current state of technological development
– Cost of implementing security measures
– Potential harm that could result from a data breach
– Nature of data to be protected – non/sensitive?

•

Need for risk assessment and risk management techniques

•

Record your findings and assessments
Principle 7: Technological and
organisational security (continued)
•

Ensure adequate organisational data security measures

•

Prevent unauthorised as well as unlawful processing or disclosure
of data

•

Security measures by data controller and data processor

•

Data processing and transfer agreements in place

•

Staff training

•

Data access on a ‘need to know’ basis – individual log-ins only

•

Secure disposal of data – internally/externally - keep records
Principle 8: Processed within the
EEA unless adequate protection in
place
•

Data can be freely transferred within the EEA (providing data
transfer agreements are in place)

•

Do not transfer data unless the country (destination and countries
data is routed via) have an adequate level of data protection

•

Need to inform individuals before transferring their data outside
the EEA but do not need their consent
Understanding the law 2
•

Privacy and Electronic Communications Regulations 2003 (PECR)
– Came into force 11 December 2003
– Covers electronic communications – email, telephone, SMS
Key rules
•
•
•
•

Sender must not conceal their identity
Communication must have valid address where opt-outs can be
sent
Opt-in required for individuals (B2C)
Soft opt-in/existing customer exemption – available:
– When you are collecting the address/mobile number in the sale
or negotiations for the sale of a product or service;
– You only send communications about similar products and
services;
– You provided an opportunity at time of collection to opt-out.
Key points
•

Existing customer exemption: Not an excuse for unsolicited contact
where correct permissions were never obtained

•

B2B – Opt-out and marketing message needs to directly relate to
the work they do.

•

Subject headers in emails must be clear and accurate

•

Free and simple-to-use opt-out method must always be provided

•

Action unsubscribe requests promptly – add to internal suppression
file

•

Maintain different flags for different types of communication –
helps to avoid general opt-outs for all channels
Practical tips for marketers
•

Data capture forms

•

Marketing permissions

•

Sourcing data

•

Regaining lost permission
Data capture forms
•

Key information to include;
– Why the data is being requested
– What the data will be used for
– Provision of an opt-in/out for marketing
– Marketing channels to be used
– Link to privacy policy

•

Key information to include in privacy policy
– How the data subject can opt-out of marketing
– If the data will be processed outside the EEA
– How long the data will be kept for
– How to make a subject access request
– How to make a complaint regarding use of data
Marketing permissions
B2C

B2B

SMS

Own marketing 3rd party marketing Own marketing
opt-out (MPS
opt-out
screening)
opt-out
opt-out (TPS
opt-out
screening)
opt-out
opt-in (unless
corporate
opt-in/ soft optsubscriber
in
opt-in
exemption)
opt-in/ soft optin
opt-in
opt-in

Fax

opt-in

Mail
Telephone

Email

opt-in

opt-out

3rd party marketing
opt-out
opt-out (TPS/ CTPS
screening)
opt-in (unless
corporate subscriber
exemption)
opt-in
opt-out (FPS
screening)
Sourcing data/ Due diligence
•
•
•
•
•
•

Who compiled the list? When? Has it been amended or updated
since?
When was consent obtained?
Who obtained consent and what was the context?
Was it opt-in or opt-out?
Was information provided clearly and intelligibly? How was it
provided?
Did it list organisations by name, by description, or any third party?
Regaining lost permissions
•

•
•
•

Why was permission lost:
– Poor customer service?
– Poor communications timing?
– Inappropriate offers?
– In-house technical issues – permissions not recorded on CRM
system
Revalidation exercise – obtaining up-to-date data
Can very occasionally include request regarding marketing update
in a service message providing it is a minor part of the message
If you have only lost permission for certain channels, contact via
another channel to update permissions
Summary and questions?
Switchboard: (020)7291 3300
Legal helpdesk: legaladvice@dma.org.uk

Más contenido relacionado

La actualidad más candente

3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICECFG
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
The principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - ukThe principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - uk- Mark - Fullbright
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection ActSaimaRafiq
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...m-hance
 
Domain management and brand protection in the era of the EU's GDPR
Domain management and brand protection in the era of the EU's GDPRDomain management and brand protection in the era of the EU's GDPR
Domain management and brand protection in the era of the EU's GDPRBartLieben
 
Data Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRData Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRImogenRutherford
 
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17Michael Adamberry
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Engage 2018: GDPR Three Days To Go
Engage 2018: GDPR Three Days To GoEngage 2018: GDPR Three Days To Go
Engage 2018: GDPR Three Days To Gopanagenda
 
Data protection act
Data protection act Data protection act
Data protection act Iqbal Bocus
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Financial Poise
 
GDPR will be the new regulation on may 2018
GDPR will be the new regulation on may 2018GDPR will be the new regulation on may 2018
GDPR will be the new regulation on may 2018Marjane Moghimi, ERP
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 

La actualidad más candente (20)

Legal update - Leeds
Legal update - LeedsLegal update - Leeds
Legal update - Leeds
 
3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE
 
Data protection
Data protectionData protection
Data protection
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
The principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - ukThe principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - uk
 
Legal update
Legal updateLegal update
Legal update
 
What does GDPR mean for your business?
What does GDPR mean for your business?What does GDPR mean for your business?
What does GDPR mean for your business?
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...
 
Domain management and brand protection in the era of the EU's GDPR
Domain management and brand protection in the era of the EU's GDPRDomain management and brand protection in the era of the EU's GDPR
Domain management and brand protection in the era of the EU's GDPR
 
Using Social Business Software and being compliant with EU data protection la...
Using Social Business Software and being compliant with EU data protection la...Using Social Business Software and being compliant with EU data protection la...
Using Social Business Software and being compliant with EU data protection la...
 
Data Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRData Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPR
 
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
Engage 2018: GDPR Three Days To Go
Engage 2018: GDPR Three Days To GoEngage 2018: GDPR Three Days To Go
Engage 2018: GDPR Three Days To Go
 
Data protection act
Data protection act Data protection act
Data protection act
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...
 
GDPR will be the new regulation on may 2018
GDPR will be the new regulation on may 2018GDPR will be the new regulation on may 2018
GDPR will be the new regulation on may 2018
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
 

Destacado

Wodache mobile monday
Wodache mobile mondayWodache mobile monday
Wodache mobile mondaymomobeijing
 
Panel - SNS Game
Panel - SNS GamePanel - SNS Game
Panel - SNS Gamemomobeijing
 
Senscape for mo mo bj 530
Senscape for mo mo bj 530Senscape for mo mo bj 530
Senscape for mo mo bj 530momobeijing
 
10 lbs apps from china worth attention
10 lbs apps   from china worth attention  10 lbs apps   from china worth attention
10 lbs apps from china worth attention momobeijing
 
汇聚创新的力量 丘总
汇聚创新的力量 丘总汇聚创新的力量 丘总
汇聚创新的力量 丘总momobeijing
 
Mobile africa 2011
Mobile africa 2011Mobile africa 2011
Mobile africa 2011momobeijing
 
设计驱动移动应用创新
设计驱动移动应用创新设计驱动移动应用创新
设计驱动移动应用创新momobeijing
 
The Evolution of Inbound Marketing
The Evolution of Inbound MarketingThe Evolution of Inbound Marketing
The Evolution of Inbound MarketingByron Fernandez
 
Neuro sky overview orange event
Neuro sky overview   orange eventNeuro sky overview   orange event
Neuro sky overview orange eventmomobeijing
 
Orange&innovation
Orange&innovationOrange&innovation
Orange&innovationmomobeijing
 
Touch china en_mm
Touch china en_mmTouch china en_mm
Touch china en_mmmomobeijing
 
Jiayuan overview & wireless orange labs
Jiayuan overview & wireless   orange labsJiayuan overview & wireless   orange labs
Jiayuan overview & wireless orange labsmomobeijing
 
Nadine heading of future lifestyle
Nadine   heading of future lifestyleNadine   heading of future lifestyle
Nadine heading of future lifestylemomobeijing
 
Html5 在中国的机会、风险和矛盾 磊友黄何 english
Html5 在中国的机会、风险和矛盾 磊友黄何 englishHtml5 在中国的机会、风险和矛盾 磊友黄何 english
Html5 在中国的机会、风险和矛盾 磊友黄何 englishmomobeijing
 
Motorola lifestyle with smart device
Motorola   lifestyle with smart deviceMotorola   lifestyle with smart device
Motorola lifestyle with smart devicemomobeijing
 
共享妈妈晒201205定稿
共享妈妈晒201205定稿共享妈妈晒201205定稿
共享妈妈晒201205定稿momobeijing
 

Destacado (20)

Wodache mobile monday
Wodache mobile mondayWodache mobile monday
Wodache mobile monday
 
Panel - SNS Game
Panel - SNS GamePanel - SNS Game
Panel - SNS Game
 
Senscape for mo mo bj 530
Senscape for mo mo bj 530Senscape for mo mo bj 530
Senscape for mo mo bj 530
 
Edu 290
Edu 290Edu 290
Edu 290
 
10 lbs apps from china worth attention
10 lbs apps   from china worth attention  10 lbs apps   from china worth attention
10 lbs apps from china worth attention
 
汇聚创新的力量 丘总
汇聚创新的力量 丘总汇聚创新的力量 丘总
汇聚创新的力量 丘总
 
DMA Cookies update
DMA Cookies updateDMA Cookies update
DMA Cookies update
 
Mobile africa 2011
Mobile africa 2011Mobile africa 2011
Mobile africa 2011
 
设计驱动移动应用创新
设计驱动移动应用创新设计驱动移动应用创新
设计驱动移动应用创新
 
The Evolution of Inbound Marketing
The Evolution of Inbound MarketingThe Evolution of Inbound Marketing
The Evolution of Inbound Marketing
 
Neuro sky overview orange event
Neuro sky overview   orange eventNeuro sky overview   orange event
Neuro sky overview orange event
 
Orange&innovation
Orange&innovationOrange&innovation
Orange&innovation
 
Touch china en_mm
Touch china en_mmTouch china en_mm
Touch china en_mm
 
Jiayuan overview & wireless orange labs
Jiayuan overview & wireless   orange labsJiayuan overview & wireless   orange labs
Jiayuan overview & wireless orange labs
 
Nadine heading of future lifestyle
Nadine   heading of future lifestyleNadine   heading of future lifestyle
Nadine heading of future lifestyle
 
Master ppt social
Master ppt socialMaster ppt social
Master ppt social
 
Almost Extinct
Almost ExtinctAlmost Extinct
Almost Extinct
 
Html5 在中国的机会、风险和矛盾 磊友黄何 english
Html5 在中国的机会、风险和矛盾 磊友黄何 englishHtml5 在中国的机会、风险和矛盾 磊友黄何 english
Html5 在中国的机会、风险和矛盾 磊友黄何 english
 
Motorola lifestyle with smart device
Motorola   lifestyle with smart deviceMotorola   lifestyle with smart device
Motorola lifestyle with smart device
 
共享妈妈晒201205定稿
共享妈妈晒201205定稿共享妈妈晒201205定稿
共享妈妈晒201205定稿
 

Similar a An introduction to data protection - 30 Jan 2014

Data protection janine paterson - direct marketing association
Data protection   janine paterson - direct marketing associationData protection   janine paterson - direct marketing association
Data protection janine paterson - direct marketing associationiof_events
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]Kwanzoo Inc
 
Data Protection Act presentation
Data Protection Act presentationData Protection Act presentation
Data Protection Act presentationIan Clive Oultram
 
Introduction to EU General Data Protection Regulation: Planning, Implementat...
 Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...Financial Poise
 
Legal update Leeds - 7 October 2014
Legal update Leeds -  7 October 2014Legal update Leeds -  7 October 2014
Legal update Leeds - 7 October 2014Rachel Aldighieri
 
Data protection act new 13 12-11
Data protection act new 13 12-11Data protection act new 13 12-11
Data protection act new 13 12-11mrmwood
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
 
GDPR Privacy Introduction
GDPR Privacy IntroductionGDPR Privacy Introduction
GDPR Privacy IntroductionNiclasGranqvist
 
Getting to grips with General Data Protection Regulation (GDPR)
Getting to grips with General Data Protection Regulation (GDPR)Getting to grips with General Data Protection Regulation (GDPR)
Getting to grips with General Data Protection Regulation (GDPR)Zoodikers
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
Scott Appleton: GDPR - Big Bang or Data Evolution?
Scott Appleton: GDPR - Big Bang or Data Evolution?Scott Appleton: GDPR - Big Bang or Data Evolution?
Scott Appleton: GDPR - Big Bang or Data Evolution?Emily Jones
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection RegulationGrittyCC
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsWSO2
 
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
 
The dma legal update summer 2014
The dma legal update summer 2014 The dma legal update summer 2014
The dma legal update summer 2014 Rachel Aldighieri
 
GDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteGDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteClive Rich
 

Similar a An introduction to data protection - 30 Jan 2014 (20)

Data protection janine paterson - direct marketing association
Data protection   janine paterson - direct marketing associationData protection   janine paterson - direct marketing association
Data protection janine paterson - direct marketing association
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]
 
Gdpr for business full
Gdpr for business fullGdpr for business full
Gdpr for business full
 
Data Protection Act presentation
Data Protection Act presentationData Protection Act presentation
Data Protection Act presentation
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article Overview
 
Introduction to EU General Data Protection Regulation: Planning, Implementat...
 Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...
 
Legal update Leeds - 7 October 2014
Legal update Leeds -  7 October 2014Legal update Leeds -  7 October 2014
Legal update Leeds - 7 October 2014
 
Prepare Your Firm for GDPR
Prepare Your Firm for GDPRPrepare Your Firm for GDPR
Prepare Your Firm for GDPR
 
Data protection act new 13 12-11
Data protection act new 13 12-11Data protection act new 13 12-11
Data protection act new 13 12-11
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
 
GDPR Privacy Introduction
GDPR Privacy IntroductionGDPR Privacy Introduction
GDPR Privacy Introduction
 
Getting to grips with General Data Protection Regulation (GDPR)
Getting to grips with General Data Protection Regulation (GDPR)Getting to grips with General Data Protection Regulation (GDPR)
Getting to grips with General Data Protection Regulation (GDPR)
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
Scott Appleton: GDPR - Big Bang or Data Evolution?
Scott Appleton: GDPR - Big Bang or Data Evolution?Scott Appleton: GDPR - Big Bang or Data Evolution?
Scott Appleton: GDPR - Big Bang or Data Evolution?
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity Architects
 
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
 
The dma legal update summer 2014
The dma legal update summer 2014 The dma legal update summer 2014
The dma legal update summer 2014
 
GDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteGDPR webinar presentation | LawBite
GDPR webinar presentation | LawBite
 

Más de Rachel Aldighieri

Taking the lead: customer acquisition barometer 2015
Taking the lead: customer acquisition barometer 2015Taking the lead: customer acquisition barometer 2015
Taking the lead: customer acquisition barometer 2015Rachel Aldighieri
 
The value of mail: what planners and marketers need to know
The value of mail: what planners and marketers need to knowThe value of mail: what planners and marketers need to know
The value of mail: what planners and marketers need to knowRachel Aldighieri
 
Sharpen your social media skills
Sharpen your social media skillsSharpen your social media skills
Sharpen your social media skillsRachel Aldighieri
 
Stop selling and start serving: how to bring data, creativity and technology ...
Stop selling and start serving: how to bring data, creativity and technology ...Stop selling and start serving: how to bring data, creativity and technology ...
Stop selling and start serving: how to bring data, creativity and technology ...Rachel Aldighieri
 
FEDMA - Legal Fact Pack Summary and Pre-order Form
FEDMA - Legal Fact Pack Summary and Pre-order FormFEDMA - Legal Fact Pack Summary and Pre-order Form
FEDMA - Legal Fact Pack Summary and Pre-order FormRachel Aldighieri
 
European Legal and Privacy Update with FEDMA
European Legal and Privacy Update with FEDMAEuropean Legal and Privacy Update with FEDMA
European Legal and Privacy Update with FEDMARachel Aldighieri
 
DMA Awards unplugged: a practical workshop - Thursday 13 August
DMA Awards unplugged: a practical workshop - Thursday 13 AugustDMA Awards unplugged: a practical workshop - Thursday 13 August
DMA Awards unplugged: a practical workshop - Thursday 13 AugustRachel Aldighieri
 
DMA Awards unplugged - 30 July 2015
DMA Awards unplugged - 30 July 2015DMA Awards unplugged - 30 July 2015
DMA Awards unplugged - 30 July 2015Rachel Aldighieri
 
DMA Copywriting census reveal - Manchester
DMA Copywriting census reveal - ManchesterDMA Copywriting census reveal - Manchester
DMA Copywriting census reveal - ManchesterRachel Aldighieri
 
Data detailed: how to buy and sell information responsibly - 08.07.2015
Data detailed: how to buy and sell information responsibly - 08.07.2015Data detailed: how to buy and sell information responsibly - 08.07.2015
Data detailed: how to buy and sell information responsibly - 08.07.2015Rachel Aldighieri
 
Data privacy: what the consumer really thinks - 30.06.2015
Data privacy: what the consumer really thinks - 30.06.2015Data privacy: what the consumer really thinks - 30.06.2015
Data privacy: what the consumer really thinks - 30.06.2015Rachel Aldighieri
 
In search of the perfect customer journey - Manchester
In search of the perfect customer journey - ManchesterIn search of the perfect customer journey - Manchester
In search of the perfect customer journey - ManchesterRachel Aldighieri
 
Simon Gill, Chief Creative Officer, DigitasLBi
Simon Gill, Chief Creative Officer, DigitasLBiSimon Gill, Chief Creative Officer, DigitasLBi
Simon Gill, Chief Creative Officer, DigitasLBiRachel Aldighieri
 
Mark Hancock, Planning Director, The Real Adventure Unlimited...
Mark Hancock, Planning Director, The Real Adventure Unlimited...Mark Hancock, Planning Director, The Real Adventure Unlimited...
Mark Hancock, Planning Director, The Real Adventure Unlimited...Rachel Aldighieri
 
Tim Lindsay, Chief Executive Officer, D&AD
Tim Lindsay, Chief Executive Officer, D&ADTim Lindsay, Chief Executive Officer, D&AD
Tim Lindsay, Chief Executive Officer, D&ADRachel Aldighieri
 
David Meikle, Founding Partner, Redsalt
David Meikle, Founding Partner, RedsaltDavid Meikle, Founding Partner, Redsalt
David Meikle, Founding Partner, RedsaltRachel Aldighieri
 
Thinking inside the box data permission strategies - Wednesday 18 November
Thinking inside the box data permission strategies - Wednesday 18 NovemberThinking inside the box data permission strategies - Wednesday 18 November
Thinking inside the box data permission strategies - Wednesday 18 NovemberRachel Aldighieri
 

Más de Rachel Aldighieri (20)

Navigating B2B marketing
Navigating B2B marketingNavigating B2B marketing
Navigating B2B marketing
 
Taking the lead: customer acquisition barometer 2015
Taking the lead: customer acquisition barometer 2015Taking the lead: customer acquisition barometer 2015
Taking the lead: customer acquisition barometer 2015
 
The value of mail: what planners and marketers need to know
The value of mail: what planners and marketers need to knowThe value of mail: what planners and marketers need to know
The value of mail: what planners and marketers need to know
 
Sharpen your social media skills
Sharpen your social media skillsSharpen your social media skills
Sharpen your social media skills
 
Stop selling and start serving: how to bring data, creativity and technology ...
Stop selling and start serving: how to bring data, creativity and technology ...Stop selling and start serving: how to bring data, creativity and technology ...
Stop selling and start serving: how to bring data, creativity and technology ...
 
FEDMA - Legal Fact Pack Summary and Pre-order Form
FEDMA - Legal Fact Pack Summary and Pre-order FormFEDMA - Legal Fact Pack Summary and Pre-order Form
FEDMA - Legal Fact Pack Summary and Pre-order Form
 
European Legal and Privacy Update with FEDMA
European Legal and Privacy Update with FEDMAEuropean Legal and Privacy Update with FEDMA
European Legal and Privacy Update with FEDMA
 
DMA Awards unplugged: a practical workshop - Thursday 13 August
DMA Awards unplugged: a practical workshop - Thursday 13 AugustDMA Awards unplugged: a practical workshop - Thursday 13 August
DMA Awards unplugged: a practical workshop - Thursday 13 August
 
DMA Awards unplugged - 30 July 2015
DMA Awards unplugged - 30 July 2015DMA Awards unplugged - 30 July 2015
DMA Awards unplugged - 30 July 2015
 
DMA Copywriting census reveal - Manchester
DMA Copywriting census reveal - ManchesterDMA Copywriting census reveal - Manchester
DMA Copywriting census reveal - Manchester
 
Data detailed: how to buy and sell information responsibly - 08.07.2015
Data detailed: how to buy and sell information responsibly - 08.07.2015Data detailed: how to buy and sell information responsibly - 08.07.2015
Data detailed: how to buy and sell information responsibly - 08.07.2015
 
Legal update - 1 July
Legal update - 1 JulyLegal update - 1 July
Legal update - 1 July
 
Data privacy: what the consumer really thinks - 30.06.2015
Data privacy: what the consumer really thinks - 30.06.2015Data privacy: what the consumer really thinks - 30.06.2015
Data privacy: what the consumer really thinks - 30.06.2015
 
In search of the perfect customer journey - Manchester
In search of the perfect customer journey - ManchesterIn search of the perfect customer journey - Manchester
In search of the perfect customer journey - Manchester
 
ZEDTalk 3: Creativity & ROI
ZEDTalk 3: Creativity & ROIZEDTalk 3: Creativity & ROI
ZEDTalk 3: Creativity & ROI
 
Simon Gill, Chief Creative Officer, DigitasLBi
Simon Gill, Chief Creative Officer, DigitasLBiSimon Gill, Chief Creative Officer, DigitasLBi
Simon Gill, Chief Creative Officer, DigitasLBi
 
Mark Hancock, Planning Director, The Real Adventure Unlimited...
Mark Hancock, Planning Director, The Real Adventure Unlimited...Mark Hancock, Planning Director, The Real Adventure Unlimited...
Mark Hancock, Planning Director, The Real Adventure Unlimited...
 
Tim Lindsay, Chief Executive Officer, D&AD
Tim Lindsay, Chief Executive Officer, D&ADTim Lindsay, Chief Executive Officer, D&AD
Tim Lindsay, Chief Executive Officer, D&AD
 
David Meikle, Founding Partner, Redsalt
David Meikle, Founding Partner, RedsaltDavid Meikle, Founding Partner, Redsalt
David Meikle, Founding Partner, Redsalt
 
Thinking inside the box data permission strategies - Wednesday 18 November
Thinking inside the box data permission strategies - Wednesday 18 NovemberThinking inside the box data permission strategies - Wednesday 18 November
Thinking inside the box data permission strategies - Wednesday 18 November
 

Último

Digital Marketing Services like SEO, SMM, SEM
Digital Marketing Services like SEO, SMM, SEMDigital Marketing Services like SEO, SMM, SEM
Digital Marketing Services like SEO, SMM, SEMNazal Digital
 
TAM AdEx-A Pixelated view into Digital Advertising Trends for Y 2023.pdf
TAM AdEx-A Pixelated view into Digital Advertising Trends for Y 2023.pdfTAM AdEx-A Pixelated view into Digital Advertising Trends for Y 2023.pdf
TAM AdEx-A Pixelated view into Digital Advertising Trends for Y 2023.pdfSocial Samosa
 
Fashion-Marketing-1- Assaginment mid.pdf
Fashion-Marketing-1- Assaginment mid.pdfFashion-Marketing-1- Assaginment mid.pdf
Fashion-Marketing-1- Assaginment mid.pdfUttara University
 
Crafting High-Converting eCommerce Landing Pages
Crafting High-Converting eCommerce Landing PagesCrafting High-Converting eCommerce Landing Pages
Crafting High-Converting eCommerce Landing PagesVWO
 
The 2024 Next Gen Attention Study - www.livewire.group
The 2024 Next Gen Attention Study - www.livewire.groupThe 2024 Next Gen Attention Study - www.livewire.group
The 2024 Next Gen Attention Study - www.livewire.groupLivewire
 
Ppt regarding of Digital Marketing cours
Ppt regarding of Digital Marketing coursPpt regarding of Digital Marketing cours
Ppt regarding of Digital Marketing courstegveersingh09
 
The Creative Marketing campaigns of WeRoad
The Creative Marketing campaigns of WeRoadThe Creative Marketing campaigns of WeRoad
The Creative Marketing campaigns of WeRoadFabio Bin
 
Podvertise.fm - Podcast Advertising Marketplace - Startup Pitch Deck
Podvertise.fm - Podcast Advertising Marketplace - Startup Pitch DeckPodvertise.fm - Podcast Advertising Marketplace - Startup Pitch Deck
Podvertise.fm - Podcast Advertising Marketplace - Startup Pitch DeckNedko Nedkov
 
A_B Testing Personalized Meditation Recommendations.pdf
A_B Testing Personalized Meditation Recommendations.pdfA_B Testing Personalized Meditation Recommendations.pdf
A_B Testing Personalized Meditation Recommendations.pdfVWO
 
Converting with Comedy: Research Parallels for CRO
Converting with Comedy: Research Parallels for CROConverting with Comedy: Research Parallels for CRO
Converting with Comedy: Research Parallels for CROVWO
 
A navigation of two creative processes Study
A navigation of two creative processes StudyA navigation of two creative processes Study
A navigation of two creative processes Studystuwilson.co.uk
 
Marketing Team of 1, A Framework To Win!
Marketing Team of 1, A Framework To Win!Marketing Team of 1, A Framework To Win!
Marketing Team of 1, A Framework To Win!Joseph Skibbie
 
Friends of Search '24 - Scaling SEO_ Lessons for All Types of Sites.pptx
Friends of Search '24 - Scaling SEO_ Lessons for All Types of Sites.pptxFriends of Search '24 - Scaling SEO_ Lessons for All Types of Sites.pptx
Friends of Search '24 - Scaling SEO_ Lessons for All Types of Sites.pptxGregory Edwards
 
Unifying feature management with experiments - Server Side Webinar (1).pdf
Unifying feature management with experiments - Server Side Webinar (1).pdfUnifying feature management with experiments - Server Side Webinar (1).pdf
Unifying feature management with experiments - Server Side Webinar (1).pdfVWO
 
Friends of Search Future Proof Accounts.pptx
Friends of Search Future Proof Accounts.pptxFriends of Search Future Proof Accounts.pptx
Friends of Search Future Proof Accounts.pptxNavah Hopkins
 
ToShare_UG 13_03_24_Full_BelgianTrailblazerCommunity.pptx
ToShare_UG 13_03_24_Full_BelgianTrailblazerCommunity.pptxToShare_UG 13_03_24_Full_BelgianTrailblazerCommunity.pptx
ToShare_UG 13_03_24_Full_BelgianTrailblazerCommunity.pptxivanrazine1
 
Digital Marketing Analytics: Driving Hotel Success (2016 May report)
Digital Marketing Analytics: Driving Hotel Success (2016 May report)Digital Marketing Analytics: Driving Hotel Success (2016 May report)
Digital Marketing Analytics: Driving Hotel Success (2016 May report)yaeyukimoto
 
Increase Your Website Sales & Leads Webinar
Increase Your Website Sales & Leads WebinarIncrease Your Website Sales & Leads Webinar
Increase Your Website Sales & Leads WebinarSEO Optimizers
 
Cricket Playbook for Growth Marketers: Adjust x Glance report
Cricket Playbook for Growth Marketers: Adjust x Glance reportCricket Playbook for Growth Marketers: Adjust x Glance report
Cricket Playbook for Growth Marketers: Adjust x Glance reportSocial Samosa
 
Top 15 Emerging Technologies for the Modern World
Top 15 Emerging Technologies for the Modern WorldTop 15 Emerging Technologies for the Modern World
Top 15 Emerging Technologies for the Modern WorldD Cloud Solutions
 

Último (20)

Digital Marketing Services like SEO, SMM, SEM
Digital Marketing Services like SEO, SMM, SEMDigital Marketing Services like SEO, SMM, SEM
Digital Marketing Services like SEO, SMM, SEM
 
TAM AdEx-A Pixelated view into Digital Advertising Trends for Y 2023.pdf
TAM AdEx-A Pixelated view into Digital Advertising Trends for Y 2023.pdfTAM AdEx-A Pixelated view into Digital Advertising Trends for Y 2023.pdf
TAM AdEx-A Pixelated view into Digital Advertising Trends for Y 2023.pdf
 
Fashion-Marketing-1- Assaginment mid.pdf
Fashion-Marketing-1- Assaginment mid.pdfFashion-Marketing-1- Assaginment mid.pdf
Fashion-Marketing-1- Assaginment mid.pdf
 
Crafting High-Converting eCommerce Landing Pages
Crafting High-Converting eCommerce Landing PagesCrafting High-Converting eCommerce Landing Pages
Crafting High-Converting eCommerce Landing Pages
 
The 2024 Next Gen Attention Study - www.livewire.group
The 2024 Next Gen Attention Study - www.livewire.groupThe 2024 Next Gen Attention Study - www.livewire.group
The 2024 Next Gen Attention Study - www.livewire.group
 
Ppt regarding of Digital Marketing cours
Ppt regarding of Digital Marketing coursPpt regarding of Digital Marketing cours
Ppt regarding of Digital Marketing cours
 
The Creative Marketing campaigns of WeRoad
The Creative Marketing campaigns of WeRoadThe Creative Marketing campaigns of WeRoad
The Creative Marketing campaigns of WeRoad
 
Podvertise.fm - Podcast Advertising Marketplace - Startup Pitch Deck
Podvertise.fm - Podcast Advertising Marketplace - Startup Pitch DeckPodvertise.fm - Podcast Advertising Marketplace - Startup Pitch Deck
Podvertise.fm - Podcast Advertising Marketplace - Startup Pitch Deck
 
A_B Testing Personalized Meditation Recommendations.pdf
A_B Testing Personalized Meditation Recommendations.pdfA_B Testing Personalized Meditation Recommendations.pdf
A_B Testing Personalized Meditation Recommendations.pdf
 
Converting with Comedy: Research Parallels for CRO
Converting with Comedy: Research Parallels for CROConverting with Comedy: Research Parallels for CRO
Converting with Comedy: Research Parallels for CRO
 
A navigation of two creative processes Study
A navigation of two creative processes StudyA navigation of two creative processes Study
A navigation of two creative processes Study
 
Marketing Team of 1, A Framework To Win!
Marketing Team of 1, A Framework To Win!Marketing Team of 1, A Framework To Win!
Marketing Team of 1, A Framework To Win!
 
Friends of Search '24 - Scaling SEO_ Lessons for All Types of Sites.pptx
Friends of Search '24 - Scaling SEO_ Lessons for All Types of Sites.pptxFriends of Search '24 - Scaling SEO_ Lessons for All Types of Sites.pptx
Friends of Search '24 - Scaling SEO_ Lessons for All Types of Sites.pptx
 
Unifying feature management with experiments - Server Side Webinar (1).pdf
Unifying feature management with experiments - Server Side Webinar (1).pdfUnifying feature management with experiments - Server Side Webinar (1).pdf
Unifying feature management with experiments - Server Side Webinar (1).pdf
 
Friends of Search Future Proof Accounts.pptx
Friends of Search Future Proof Accounts.pptxFriends of Search Future Proof Accounts.pptx
Friends of Search Future Proof Accounts.pptx
 
ToShare_UG 13_03_24_Full_BelgianTrailblazerCommunity.pptx
ToShare_UG 13_03_24_Full_BelgianTrailblazerCommunity.pptxToShare_UG 13_03_24_Full_BelgianTrailblazerCommunity.pptx
ToShare_UG 13_03_24_Full_BelgianTrailblazerCommunity.pptx
 
Digital Marketing Analytics: Driving Hotel Success (2016 May report)
Digital Marketing Analytics: Driving Hotel Success (2016 May report)Digital Marketing Analytics: Driving Hotel Success (2016 May report)
Digital Marketing Analytics: Driving Hotel Success (2016 May report)
 
Increase Your Website Sales & Leads Webinar
Increase Your Website Sales & Leads WebinarIncrease Your Website Sales & Leads Webinar
Increase Your Website Sales & Leads Webinar
 
Cricket Playbook for Growth Marketers: Adjust x Glance report
Cricket Playbook for Growth Marketers: Adjust x Glance reportCricket Playbook for Growth Marketers: Adjust x Glance report
Cricket Playbook for Growth Marketers: Adjust x Glance report
 
Top 15 Emerging Technologies for the Modern World
Top 15 Emerging Technologies for the Modern WorldTop 15 Emerging Technologies for the Modern World
Top 15 Emerging Technologies for the Modern World
 

An introduction to data protection - 30 Jan 2014

  • 1. DataAn introduction to data protection 2013 protection Thursday 308January 2014, DMA House Friday February #dmadata Supported by
  • 2. Agenda 9.00am Registration and breakfast 9.30am Why is data protection important? 9.40am Understanding the law The Data Protection Act 1998 Key terms 8 Principles 10.40am Break 11.00am Understanding the law The Privacy and Electronic Communications Regulation 2003 Key rules Key points 11.30am Practical tips for marketers 12.00am Summary and questions 12.30am Close
  • 3. Why is it important? • • • • It helps us to protect information about ourselves and others It helps us avoid damage to the reputation of our organisation It makes good business sense – it can increase efficiency and effectiveness It helps us avoid enforcement action by the Information Commissioner – both employers and employees can be prosecuted – companies can face a monetary penalty of up to £500,000 for major breaches
  • 4. Understanding the law 1 • Data Protection Act 1998 (DPA) – Came into force 1 March 2000 – Replaced 1984 Act – Covers doing anything with data – Applies electronic records and some manual records
  • 5. Key Terms • • Personal data – any data that can be used to identify a living individual – Examples of personal data can include: • Name and address • Email address (even business email addresses if they are non generic) • Name and telephone number • Photographs – Only personal data is protected by the DPA Sensitive personal data – any data relating to: • Health • Race or ethnic origin • Political opinions • Religious beliefs • Trade union membership • Sex life • Criminal proceedings or convictions
  • 6. Key terms • Processing – obtaining, recording or holding information or carrying out any operation on the information including • Organising • Adapting • Retrieving • Disclosing • Blocking • Destroying • Data subject – a living identifiable individual to whom the personal data relates
  • 7. Key Terms • Data controller - Determines how data will be used - Usually owns or rents the data (may be done by 3 rd party on their behalf) - Required to notify (register) as a controller with the ICO - May be fined by ICO if any data breaches arise • Data processor - Processes data on behalf of controller or other processor - Processing can be anything from data storage to advanced data manipulation and modelling - Includes companies that manage / broker / collect data on behalf of others
  • 8. The 8 Principles • • • • • • • Fairly and lawfully collected Processed for specified and limited purposes Adequate, relevant and not excessive Accurate and kept up to date Not kept for longer than necessary Processed in accordance with Individuals’ rights Security – appropriate technical and organisational measures • Not transferred outside the European Economic Area (EEA) unless adequate protections are in place • (EEA: The 28 member states of the EU, plus Iceland, Liechtenstein and Norway)
  • 9. Principle 1: Fairly and lawfully collected • Fair processing information provided • Organisation’s identity given • Purpose of collection made clear • Further information necessary • Correct permissions obtained - Implied consent: opt-out mechanism provided - Express consent: opt-in mechanism provided • Sensitive personal data only captured if strictly necessary
  • 10. Principle 2: Processed for limited purposes • Only process data for the purpose(s) you told the individual • Make the purpose(s) clear at the point of data collection • Change of circumstances – what happens to the data then? • Subsequent use of data for direct marketing purposes • Data cleansing – regular and ad hoc
  • 11. Principle 3: Adequate, relevant and not excessive • Minimum amount of information required • Additional information for specific individuals • Collect data that you will use now • Collection of data that ‘may be useful’ in the future is not permitted
  • 12. Principle 4: Accurate and kept up to date • Take reasonable steps to ensure accuracy (but what is ‘reasonable’?) • Ensure data is not incorrect or misleading • Undertake regular data cleansing • Clean data against the relevant preference service files and other appropriate cleansing files
  • 13. Principle 5: Not kept for longer than necessary • Keep for as long as purpose collected for • Suppression lists
  • 14. Principle 6: Processed in accordance with the rights of data subjects • Subject access requests • ‘Where did you get my data from?’ • Right to prevent direct marketing • Customer service / legally required communications – no opt-out provision required • Right to have inaccurate data corrected
  • 15. Principle 7: Technological and organisational security • Data security must be appropriate – take account of: – Current state of technological development – Cost of implementing security measures – Potential harm that could result from a data breach – Nature of data to be protected – non/sensitive? • Need for risk assessment and risk management techniques • Record your findings and assessments
  • 16. Principle 7: Technological and organisational security (continued) • Ensure adequate organisational data security measures • Prevent unauthorised as well as unlawful processing or disclosure of data • Security measures by data controller and data processor • Data processing and transfer agreements in place • Staff training • Data access on a ‘need to know’ basis – individual log-ins only • Secure disposal of data – internally/externally - keep records
  • 17. Principle 8: Processed within the EEA unless adequate protection in place • Data can be freely transferred within the EEA (providing data transfer agreements are in place) • Do not transfer data unless the country (destination and countries data is routed via) have an adequate level of data protection • Need to inform individuals before transferring their data outside the EEA but do not need their consent
  • 18. Understanding the law 2 • Privacy and Electronic Communications Regulations 2003 (PECR) – Came into force 11 December 2003 – Covers electronic communications – email, telephone, SMS
  • 19. Key rules • • • • Sender must not conceal their identity Communication must have valid address where opt-outs can be sent Opt-in required for individuals (B2C) Soft opt-in/existing customer exemption – available: – When you are collecting the address/mobile number in the sale or negotiations for the sale of a product or service; – You only send communications about similar products and services; – You provided an opportunity at time of collection to opt-out.
  • 20. Key points • Existing customer exemption: Not an excuse for unsolicited contact where correct permissions were never obtained • B2B – Opt-out and marketing message needs to directly relate to the work they do. • Subject headers in emails must be clear and accurate • Free and simple-to-use opt-out method must always be provided • Action unsubscribe requests promptly – add to internal suppression file • Maintain different flags for different types of communication – helps to avoid general opt-outs for all channels
  • 21. Practical tips for marketers • Data capture forms • Marketing permissions • Sourcing data • Regaining lost permission
  • 22. Data capture forms • Key information to include; – Why the data is being requested – What the data will be used for – Provision of an opt-in/out for marketing – Marketing channels to be used – Link to privacy policy • Key information to include in privacy policy – How the data subject can opt-out of marketing – If the data will be processed outside the EEA – How long the data will be kept for – How to make a subject access request – How to make a complaint regarding use of data
  • 23. Marketing permissions B2C B2B SMS Own marketing 3rd party marketing Own marketing opt-out (MPS opt-out screening) opt-out opt-out (TPS opt-out screening) opt-out opt-in (unless corporate opt-in/ soft optsubscriber in opt-in exemption) opt-in/ soft optin opt-in opt-in Fax opt-in Mail Telephone Email opt-in opt-out 3rd party marketing opt-out opt-out (TPS/ CTPS screening) opt-in (unless corporate subscriber exemption) opt-in opt-out (FPS screening)
  • 24. Sourcing data/ Due diligence • • • • • • Who compiled the list? When? Has it been amended or updated since? When was consent obtained? Who obtained consent and what was the context? Was it opt-in or opt-out? Was information provided clearly and intelligibly? How was it provided? Did it list organisations by name, by description, or any third party?
  • 25. Regaining lost permissions • • • • Why was permission lost: – Poor customer service? – Poor communications timing? – Inappropriate offers? – In-house technical issues – permissions not recorded on CRM system Revalidation exercise – obtaining up-to-date data Can very occasionally include request regarding marketing update in a service message providing it is a minor part of the message If you have only lost permission for certain channels, contact via another channel to update permissions
  • 26. Summary and questions? Switchboard: (020)7291 3300 Legal helpdesk: legaladvice@dma.org.uk