background preloader

GDPR , Direct Marketing, First Engagement , CRM

Facebook Twitter

GDPR - Article 21 , Recital 47 , Recital 70

Recital 47
The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.



Recital 70
Where personal data are processed for the purposes of direct marketing, the data subject should have the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time and free of charge

Article 21
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. Article: Individual, non-customer contacts: the key to GDPR compliance. 5 Ways GDPR Will Change Marketing Forever. With GDPR just months away, the digital marketing world is on the precipice of a dramatic transformation.

On May 18, 2018, brands will have to fall in line with an EU regulation that strictly guards and regulates the usage of EU citizen data. The road to GDPR compliance is potentially arduous, and marketers, in particular, will feel the impact of GDPR in their workdays. To grasp just how much of an impact GDPR will have on modern marketing techniques, CMSWire reached out to Walter Van Uytven, CEO of Belgium-based Awingu, a digital workplace software vendor. All Eyes On GDPR Article 4 Marketers need to pay particular attention to article 4 of GDPR in particular. But what does this all mean to marketers in plain English? 1. Inbound marketing is a gigantic slice of the daily routine of a digital marketer, and GDPR is about to regulate it like never before. 2. Marketers will also need to find a way to manage user consent — because it’s not a one-time deal. 3. 4. 5. GDPR imminent as 33% of consumers say they will erase personal data - Digital Leadership Associates.

By Tim Hughes | @Timothy_Hughes It seemed an easy way to get people “pre-pipe” and market to them. For example, you put a 2,000-word e-Book on your website, and collected people’s email addresses as they registered. “Fair Trade” people called it. You gave your email and you got an information rich (you hoped) eBook in return. But that’s all over with the introduction of GDPR A new survey by SAS suggests that nearly half of consumers plan to use their new rights over personal data in May 2018. If, as an organization, you don’t have the people and the processes in place you can get hit by massive fines. In the poll of over 2,000 UK adults, 33% said they plan to exercise their right to remove personal data from retailers, while 33% will also ask that their data stop being used for marketing purposes. Some 17% of people said they will challenge automated decisions, and 24% will access the data that retailers hold on them.

It is not just a case of “opting-in” GDPR for marketers: Five examples of 'Legitimate Interests' You probably found this blog post because you know what the General Data Protection Regulation (GDPR) is, and are concerned about its impact on your day-to-day work as a marketer. When the GDPR comes into effect on 25 May 2018, marketers in the EU (or serving people in the EU) will need to be better aware of the privacy rights for individuals and the lawful grounds for processing their personal data.

One of the six lawful grounds for personal data processing is the 'legitimate interests of the controller or third party', and this is the area we'll be examining in this article, with plenty of help from the excellent Legitimate Interests Guidance produced by the Data Protection Network (sign up to download it here). We'll look at general examples of legitimate interests and more specific examples, too. Update: The ICO released legitimate interests guidance in March 2018 after the publication of this article. What are the six lawful grounds for data processing?

1. 2. 3. 1. 2. 3. 4. 5. How GDPR Will Drive Marketing To Social - Digital Leadership Associates. By Ian Moyse | @imoyse Marketers, you have a problem – and it’s not a small one. In addition to the much discussed changes in buyer behaviour and research showing the demise of traditional marketing approaches, GDPR (General Data Protection Regulation) is now looming over us. This will be enforced from May 25th 2018 and changes what you can and cannot do with data that identifies an individual. A recent DMA Survey found that 70% of marketers were most concerned about how GDPR would affect marketing consent.

More concerning is that only 54% of businesses surveyed by the Direct Marketing Association (DMA) expect to be compliant by the deadline. You must review your marketing activities quickly to ensure data and processes are compliant or close enough to avoid any risk of complaints and fines. Here are some key areas marketing must address: Opt in consent Rights to use data and what for Length data can be kept Right to be forgotten Subhead: In or out? We are a Social Media Agency. Risks to brands under new EU regulations | PageFair. Brands face serious new risks under the GDPR and the ePrivacy Regulation (ePR), and agencies will not be able to shield them. This note explains why, and describes what these risks are.

When the GDPR and the ePrivacy Regulation (ePR) apply a year from now brands that use personal data in their marketing campaigns will become exposed to new legal risks, irrespective of their arrangements with ad agencies. Though the new rules are European, the exposure will be global. Brands are directly exposed for two reasons. The first reason is legal. The second reason is financial. This introduces new pressures to the relationship between brands and agencies. Not only will advertising agencies be unwilling to take on vast, new liabilities to protect their clients, they may be unable to do so too. This leads to the question of what things expose brands to risk. 1. The first type of exposure comes from how brands directly obtain and use personal data. 2. The second type of exposure is less obvious. 3. Risks to brands under new EU regulations | PageFair. Contextual targeting offers solution to strict GDPR regulations | PageFair.

Programmatic online advertising will not cease to exist because of the GDPR or the proposed ePrivacy Directive. Personally-identifiable information (PII) may seem essential to digital advertising, but it is not the only way to target a relevant audience. Targeting based on context was a reliable method for decades before we came to rely on collecting and cross-referencing vast amounts of intrusive data. Analysis of the marketing material released by DSPs listed on the Display Lumascape shows that it will be possible for advertisers to reach audiences despite the GDPR and ePrivacy Directive. DSPs are already able to target based on content and context. * Brandscreen was reported as having again been placed in administration in late-2016 and we could find no clear information on its current status.

Whether DSPs implement their own solutions for contextual targeting or use external partners, forthcoming EU regulations will not mean the end of programmatic advertising. 11 steps to your consent and permissions | UK Fundraising. Fast.MAP and the Institute of Fundraising have published a new guide for charity fundraisers and marketers, offering a step-by-step approach to securing compliant consent and permissions. The guide is published as charities take action to be compliant with the General Data Protection Regulation (GDPR), and following fines levied by the Information Commissioner’s Office (ICO) on 13 large charities for misuse of personal data. David Cole, MD of fast.MAP, explains in the introduction to the 13-page guide: “‘Consent’ is now the new front line for marketing and the implications for every charity are far more profound than a change to a tick-box or a data structure.”

He added that the guide’s function is “to inspire, rather than be prescriptive, because each charity, when embracing consent, will plot their own path.” The 11 proposed “common, sensible steps” are based on fast.MAP’s work with leading charities. Three top tips Cole added that the steps could be further distilled into three tips: 1. GDPR awareness, readiness and compliance in the US, UK and Belgium. The GDPR (General Data Protection Regulation) represents a massive change in personal data protection and privacy. In combination with the ePrivacy Regulation it is changing the EU privacy and security landscape completely. While the GDPR text has been published, the ePrivacy Regulation isn’t final yet. However, achieving GDPR compliance is a massive task and time runs out. Companies across the globe who process personal data of EU ‘data subjects’ (as the GDPR impacts them too) are taking measures.

Only 47 percent of UK businesses are aware of the GDPR You can imagine that larger and data-intensive firms are somewhat more impacted by the GDPR than the average small business that processes personal data of EU citizens on a limited scale. GDPR awareness and readiness in the UK As the GDPR involves various strategic steps, with GDPR awareness as first step, it’s pretty scary to see that even in the area of awareness ABOUT the General Data Protection Regulation there is still a lot of work. What the ICO guidance on GDPR says, and what we think about it | NCVO Blogs. Since the Information Commissioner’s Office (ICO) announced its plans for general data protection regulation (GDPR) guidance earlier this year, I have no doubt that fundraisers and those involved in direct marketing in charities have been waiting with bated breath to see what the ICO’s interpretation of the new regulation is, and what it will require.

The first piece of detailed guidance was published at the start of March for a four-week consultation, and focuses on consent under the GDPR. It’s not just about fundraising As Kristy Weakley at Civil Society rightly says, while the GDPR has mostly been at the top of fundraisers’ agenda, the changes won’t just apply to fundraising. They will apply to all pieces of personal data collected, processed and stored: so also to marketing, campaigning, communications, volunteering and beneficiary databases.

The basic concept of consent, and its main role as a lawful condition for processing, is not new. Unambiguous Affirmative action Freely given. A lack of clear guidance over the EU's General Data Protection Regulation (GDPR) is stifling businesses ability to prepare for it. The lugubrious ticking of my internal GDPR Doomsday Clock struck a minute closer to midnight last week. Tick, it chimed: “only 5 per cent of marketers fully understand what the GDPR means for their business.” Tock, it said: “50 per cent say they don’t really understand it at all, or [literally] don’t know.”

The Chartered Institute of Marketing (CIM) drop a statistical A-bomb in my inbox, and all hope of anyone making sense of the biggest ever overhaul of data regulation, is gone. It’s becoming painfully clear that many businesses – whether marketers or else – have neither the time, resources or know-how to deal with the EU’s General Data Protection Regulation. Implementation is 431 days away, and yet, the CIM/ YouGov poll finds just 11 per cent of businesses already have systems in place to ensure compliance. Almost a third of marketers are “clueless” as to whether their business has taken any steps to ensure they are so.

There’s too much else happening. Prepare your business for changes to the ePrivacy rules - or face hefty fines - Marketing Tech News. Does the start of Brexit mean marketers are off the hook with GDPR? - Digital Doughnut. The EU GDPR comes into play in just over a year, and many businesses are not yet compliant, make sure you understand the effect Brexit will have on all this.... If you live in Europe, you would have had to try really hard not to hear the news that the UK has started the exit process from the European Union on the 29th March 2017. Though I’m pretty sure that this historic action made it to news sites globally! The media is comparing it to a painful divorce – and it does feel a bit like the UK and EU now have to sort out everything from who will get the kids the house, down to dividing up the CD collection.

One key area that the UK wants to maintain is that of trade. On the marketing side, email has been consistently highlighted as one of the best channels in terms of return on investment, with £38 per £1 spent. Connecting those two points, in May 2016 the European Parliament and European Council introduced to the statute book the European Union General Data Protection Regulations (GDPR). ICO Issues Fine for Marketing Emails Disguised as Service Messages | Global Media and Communications Watch.

The Information Commissioner’s Office (ICO) has issued a £70,000 fine against Flybe and a £13,000 fine against Honda Motor Europe Ltd for breaching Regulation 22 of the Privacy and Electronic Communications Regulations (PECR) by sending emails requesting individuals to update their marketing preferences. The two cases confirm that: the interpretation by the ICO of what constitutes “marketing material” is very wide; andthe ICO will take enforcement action against organisations that seek to circumvent the rules on direct marketing by disguising marketing messages as service messages.

Flybe sent emails with the subject line “Are your details correct?” And advised individuals to update out-of-date information and marketing preferences. The emails were sent to over 3 million individuals who had opted out of marketing messages. On the other hand, Honda sent emails titled “Would you like to hear from Honda?” This is potentially a significant area of future enforcement by the ICO. GDPR: What does it mean for US digital startups in Europe? — ATLANTIC LEAP.

A survey of large American multinationals by PwC revealed that 71% of respondents have already begun preparing for GDPR by assessing two things: the gap between their current data protection practice and the requirements of GDPR, and discovering the data they already hold, of which over half is likely to be unknown to the business itself. 54% have begun de-identifying their European data by deleting or masking elements of the personal data they hold.

US businesses with existing EU operations will also have to make changes to their data protection practice, almost as if they’re starting over - so the next section will serve as a guideline for them too. My business wants to expand into mainland Europe. How do I comply with GDPR? These four elements will stand US businesses with EU operations in good stead for May 2018: Don’t forget the website This functionality comes at a cost. The good news Although GDPR means a great deal of work for US businesses operating in the EU, there is an upside. The GDPR and Why Digital Marketing Will Never be the Same - OpenText Blogs. We know that the General Data Protection Regulation is giving Compliance and IT some heartburn as these teams work to understand the GDPR’s new requirements and how it will affect their organizations.

But perhaps the biggest impact will be to Marketing; specifically digital marketing, which will require a cultural shift that presents challenges, but for smart organizations, opportunities to succeed as well. Consent is king The days of implied, sneaky, and bundled consent are gone. Starting in May 2018, brands have to collect active consent that is “freely given, specific, informed and unambiguous” to be compliant with GDPR.

Also, because there is no “grandfather clause” for data captured before the GDPR, we expect to see lots of re-permissioning campaigns to establish clear consent to use the personal data they already hold. The GDPR will change how gated assets are used, how leads are collected, and how referral programs work. Legitimate interest is not a get-out-of-jail-free card. RNLI's first opt-in appeal trebles response rate. Tim Willett, head of funding strategy at the charity, says the summer fundraiser had a response rate of 32.8 per cent, compared with 10.4 per cent in 2015 The RNLI trebled its response rate and average donation from supporters when it experimented with its first fundraising appeal in which it marketed only to people who had opted to receive communications, according to Tim Willett, head of funding strategy at the charity.

In an interview with Third Sector, Willett said the RNLI, which has spent the past year moving to an opt-in system of communications, wanted to test the theory that marketing to a smaller pool of highly engaged donors would generate better results than fundraising from all of the charity’s supporters. When it did this with its annual summer fundraising appeal, the response rate was 32.8 per cent – more than triple the 10.4 per cent rate the charity achieved in 2015. The average donation was £8.39, almost triple the £2.94 average donation for the previous year’s appeal. Fundraising & Regulatory Compliance Conference 2017 | Fundraising Regulator. Why charities need to be prepared for GDPR. Most Read IRIS Articles of the Week (March 20 - 24) What Marketers Need to Know About the EU's New Data Protection Rules - eMarketer. GDPR: What do you need to know? - Information Age. Cancer Research UK aims to be GDPR compliant by July - DecisionMarketing. How Channel 4 is preparing its 15m registered viewers for new European data laws.

GDPR - GDPR in practice - B2B emails and consent. Dogs Trust introduces consent platform to capture supporter preferences | UK Fundraising. The UK’s most infamous data breaches. IP addresses and personal data: Did CJEU ask the right questions? | White & Case LLP International Law Firm, Global Law Practice. GDPR Is The Antidote To Every Email Marketer's Worst Nightmare -- Apathy 10/21/2016. Will poor data quality jeopardise GDPR compliance? DMA | Article | GDPR: Data Protection - Compliance is not enough. Facebook's data transfer arrangements face legal challenge in Irish court | Computing. John Lewis fined over spam emails. A Brief Refresher on Spam Laws, Email Marketing and Compliance.

The Ultimate Guide to International Email Law [Infographic] – Litmus Software, Inc. The new ePrivacy Regulation: how will it impact your business? - Articles - Olswang LLP. What are PECR? GDPR: What Europe’s New Privacy Law Means for Email Marketers – Litmus Software, Inc. “Would you like us to email you a receipt?” | ICO Blog. Information Law Solutions Consultancy Glasgow, UK. Chapter 7: Lawful basis for processing – Unlocking the EU General Data Protection Regulation | White & Case LLP International Law Firm, Global Law Practice. The perfect CRM system for GDPR compliance - Data Protection People. Electronic mail marketing. Olswang Webinar catch up: GDPR AND THE RETAIL INDUSTRY | datonomy, the data protection blog. GDPR: What Europe’s New Privacy Law Means for Email Marketers – Litmus Software, Inc.

The GDPR PPI Paradox. Personal data processing for marketing purpose under the new GDPR: consent v legitimate interest and Recital 47 – first thoughts. 3 tips: Steal my GDPR action plan. Fundraising Week: Charities will be able to use opt-out systems under new EU data rules, says John Mitchison. Direct marketing guidance. Opt-In Laws in North America and Europe. Your email marketing and anti-spam law | BusinessLawDonut. Every B2B marketers holy PECR is on the chopping block - CommuniGator Ltd. DMA | Article | EU DPR agreed. DMA | Article | GDPR: Data Protection - Compliance is not enough. DMA | Article | Worst ePrivacy B2B fears averted. DMA | Article | B2B marketing and the GDPR. DMA | Article | GDPR - Direct marketing as a legitimate interest. Cpbuk.co.uk How The GDPR Will Affect B2B Marketing - cpbuk.co.uk. Can I still market to my current contact base after the GDPR? - CommuniGator Ltd.