BREXIT: you will still need to comply with the GDPR

04 October 2016
Is your company amongst the 20% of UK businesses that haven't yet looked at the new Data Protection rules? Is your organisation amongst the 25% that have suffered a data breach this year?

When ISBA held its Data Protection Roundtable event in February all seemed straightforward. The EU General Data Protection Regulation (GDPR) would be introduced in the summer, giving companies two years to comply, or face a fine of €20 million, or 4% of annual global turnover for non-compliance, whichever is greater. However, that was before BREXIT. Chances are that we might still in the EU by the time the Regulation becomes law.

Privacy and Innovation

In her first speech last month as the new Information Commissioner, Elizabeth Denham said “Let’s start with the known knowns. It is extremely likely that GDPR will be live before the UK leaves the European Union. Remember that the GDPR is actually already in force, it is just that Member States are not obligated to apply it until 25 May 2018.” The Information Commissioner’s Office is the independent UK regulator enforcing the new laws.

Ms. Denham added "One of the things I want to be clear about today is that I do not believe data protection law is standing in the way of your success." And she reminded her audience that "It’s not privacy or innovation – it’s privacy and innovation", adding that she wants companies to take responsibility for compliance. 

The fact is that even when we leave the EU, companies that want to continue trading, sharing and transferring data with the single market will need to comply with the GDPR. You need to comply with the current law whilst working towards compliance with the new Regulation.

Taking a positive, customer focused approach

Let’s be positive. Rather than seeing compliance as an arduous chore, regard it as an opportunity to develop trust and confidence amongst your customers and prospects. Data protection and privacy need to be at the heart of not just what marketers do, but also the core of your company’s strategy, determining every point of contact. You need to aim high. 

Your C suite ultimately needs to drive the necessary cultural change. Board members need to take accountability. Rather than meeting the basic requirements of the Regulation, you need to exceed your customers’ expectations. Take time to work out what good looks like.

Test and learn to determine the most effective option to gain consent from your customers. Under the new law, there is now a lot more to gaining consent than simply presenting pre-ticked boxes.  

Many advertisers are great at communicating with their customers using imaginative ideas and creativity. But they might not so good at doing this internally.

ISBA's Upcoming Roundtable Event

ISBA is here to help. On 22 November we are holding a free, member only Data Protection Roundtable event, in association with the ICO. The event will provide insights on compliance from members, including: 

  • Claire Knight, Head of Data Protection, L'Oreal
  • Michael Bond, Data Protection & Privacy Advisor, News UK
  • Stephen McCartney, Director of Information Governance and DPO, Royal Mail
  • Kevin Bryant, Marketing Manager, E.On
Find out more about the event and book your place here >

Complying with the Regulation will help satisfy the more assertive and confident consumers. Have a look at your Amazon public profile dashboard for a really good example of how to develop and maintain trust with customers. Also review your preference centres – best examples are from Tesco and Amazon. You also need champions. Review your Mission Statement and update your Privacy Policy.

Since Brexit, GDPR has dropped in importance across boardrooms throughout the UK. However, it would be very dangerous to reduce budgets established for compliance – you simply can’t de-prioritise.

To book tickets on our General Data Protection Regulation Workshop event please email Elvira. If you have queries regarding complying with the Regulation please contact me.

David Ellison 

Leave a Comment

Please login to add comments.