Is your business up to speed on data protection?

In just 260 days, new legislation will change the way all businesses gather, store and use personal data.

The General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, places the power back into the hands of consumers – increasing their rights around the protection and privacy of their personal data. While it may seem a long way off, if you’re one of the UK companies yet to start preparing, you should seriously think about starting now or risk suffering the consequences.

The GDPR is the most substantial revision of our data protection legislation since the EU Data Protection Directive of 1995. A lot has changed in the last two decades. Companies collect significantly more data than they did then, and the way we use and share it has evolved dramatically – prompting increasing concerns about data misuse and loss, as well as how personal data should be stored and deleted. This legislation aims to tackle these issues, and more.

However, despite the major changes coming our way, a survey by the Direct Marketing Association (DMA) in May suggested nearly a quarter of its business members had not started preparations and their confidence in being able to do so before the deadline had slipped. Similar research in other sectors suggests some companies had stopped preparations on account of Brexit.

But there’s no ‘get out of jail free’ card when the UK leaves the EU. The Information Commissioner’s Office has said that the UK’s data protection laws will need to be in line with EU countries in order for them to trade successfully with each other.

Suffice to say, the GDPR is causing a stir in the business community, with many worrying about the hefty penalties they could face if they fail to comply. The upper penalty for those who breach the new law will rise to €20 million, or four per cent of a company’s global annual turnover – whichever is higher. If the current upper limit of £500,000 wasn’t already enough to make businesses sit-up and listen, the new penalties should get their attention.

But it doesn’t have to be bad news for business. The GDPR provides an opportunity for companies to implement best practice across the board, from the way they capture and store personal data through to how they use it to build meaningful and long-term relationships with their customers and prospects through direct marketing.

The GDPR places greater emphasis on the need for a “freely given, specific, informed and unambiguous indication of the individual’s wishes”, or a positive ‘opt-in’, when gaining people’s consent to collect, process and store their data. In short, gone are the days when consent could be inferred from a pre-ticked box, silence or inactivity. It’ll no longer be enough to just offer an opportunity for people to ‘opt-out’, though this must always remain an option.

This means businesses will need to think harder about what they send to consumers to ensure they give them a reason to opt-in and stay signed-up to receive direct communications – whatever the format. But surely it makes sense for businesses to be doing this, anyway? It may mean more work upfront but sending relevant, engaging and timely letters, emails and mobile messages will not only help businesses attract and maintain the interest of those consumers they really want to engage with but also avoid wasting time and money bombarding those who were never going to be interested in what they had to offer in the first place.

At Freshwater, we’re getting ready – helping our clients while also getting our own house in order. Our sister company, Waterfront Conference Company, started preparations over a year ago, making an even bigger shift to content marketing than ever before. Providing insight, news, videos and advice on important issues across transport, infrastructure and energy, together with interviews with key people in these sectors, gives real value to potential conference delegates and sponsors and another reason to be happy to hear from us, rather than just finding out when our next conference is taking place.

There’s no doubt the complexity of the GDPR is daunting, and grey areas do remain – particularly with regards to how the changes will affect B2B marketers. However, the new rules provide a good opportunity for businesses to really think about why and how they’re capturing, holding and using data. Getting this right will not only make sure you avoid a hefty fine but also enable you to gain your target customers’ attention and trust, leaving them far more likely to buy your products and services. And that’s got to be good news for business.

Angharad Neagle

Angharad Neagle is group managing director of Freshwater UK, the Cardiff-headquartered communications consultancy.

This article first appeared in the Western Mail newspaper.