Privacy and data security is no longer a matter for just IT and legal teams. Sales & marketing play an active part in how data is generated and processed through our active lead generation and nurturing.
Just about everyone in marketing has now heard about GDPR and some people are actively working towards compliance. BusinessBrew is here to help with GDPR training, support and knowledge in clear language that will ensure you can run compliant marketing campaigns going forward.
We ensure that existing regulations like the ePrivacy Directive (aka "The Cookie Law" or PECR in the UK) are adhered to as well as the GDPR.
Simply put, since 25 May 2018 all companies working within the European market have to be compliant with a new set of data privacy regulations known as GDPR or General Data Protection Regulation.
The European Union accepted GDPR in April 2016 and the deadline given to companies to comply by was 25 May 2018. The legislation aims to give individuals more options to control how their personal data is held by organisations.
For organisations whose core business entails processing personal data or organisations that are (part of) a governmental organisation, it may mean having to appoint a data protection officer. Read more on this below.
GDPR affects your entire organisation: IT and your systems, legal, HR, accounts and, of course, marketing and sales. The bottom line, not only is there a lot to consider but you need to ensure your business is fully compliant to avoid fines.Read more about what GDPR means for inbound marketing teams here or read how you can get started working on GDPR compliant campaigns here.
If you don’t handle any data from Europe and are not based in the EU, the GDPR won’t affect you. However, even businesses outside of the EU who handle personal data of data subjects who are in the Union must comply.
Now you ask, is this a good thing? Does it cause trouble for me as an Inbound Marketer? In our opinion, it is a good thing and if you stick to the inbound principles (#purist) marketing in a GDPR compliant manner should be a manageable process.
"BusinessBrew's GDPR Workshop sheds a light on all the different nuances of GDPR. It helped put the marketing and sales team at ease about doing business in a new GDPR era and even be excited about what it brings." Hildur Smaradottir, VP Marketing
BusinessBrew specialises in getting sales and marketing teams ready for GDPR.
"Nikita took a complex and controversial subject and delivered a laid back, inviting and, of course, informative talk. GDPR is a subject which is filled with ambiguity and therefore her common sense approach was a breath of fresh air. We received great feedback from everyone we spoke to about her talk." Rikke Lear, Director
The GDPR affects the entire organisation. Marketing teams tend to get hit first as we collect, segment and analyse personal data every day.
Your marketing team has to be ready to take care of the following:
1. Handle requests from individuals to understand how their data is being held.
2. Be able to show how and when consent was obtained.
3. Allow individuals to withdraw consent easily and at any time.
4. Provide clarity to your data subjects (leads, clients, employees, candidates and anyone else who's personal data you might process).
5. Provide language around your data collection and processes that is clear and written in normal (i.e. human, not law specialist) language.
6. Must execute requests from individuals “without undue delay and at the latest within one month of receipt of the request”.
7. Report a personal data breach “leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.
In short, marketing is for many organisations the first point of contact. Here, data is first collected and stored; most likely marketing will also work on the processes and responses to data requests and communication around data breaches.
We are inbound marketing experts who embrace the GDPR.
Nikita received her GDPR certification from the International Association of Privacy Professionals (IAPP). This is the largest
It was important to get trained so we can ensure we are up to date on best practices for privacy and data security when advising you on your marketing strategy.
We are uniquely positioned to support you in building ePrivacy/PECR/GDPR compliant marketing campaigns because we combine our inbound marketing experience with data privacy insights.
The directive has been in place since 2002 and has been updated as a proposal text in January 2017. By many marketeers, it is know as 'the cookie law'. However, it covers much more than that. The Directive on Privacy and Electronic Communications (Directive 2002/58/EC and the 2009 update, Directive 2009/136) concerns electronic communications and the right of confidentiality, data and privacy protection. Electronic communication covers websites, email, text messages, advertising, apps and IoT devices.
You may see ePrivacy and PECR used interchangeably by some. The PECR is the UK version of the ePrivacy Directive. They cover many of the same issues but are not the exact same thing. It's important to be aware the ePrivacy Directive varies in all 28 member States. Unlike the GDPR, where one set of rules apply.
ePrivacy and PECR contain specific sets of rules for:
In 2017 an update to the ePrivacy Directive was proposed. It not only requires popular messaging systems such as Facebook Messenger, WhatsApp and Skype to adhere to the regulations, but it also clarifies some of the, previously more complicated, aspects of the regulation. In addition, the Directive will be replaced with a directly applicable regulation which means that going forward there will be one set of rules (like the GDPR) rather than 28 different ones.
The proposal has yet to be fully accepted. It's expected that it will come into force in early 2019.
You may have heard that you need a Data Protection Officer or a DPO under GDPR. This isn’t necessarily the case. There are three scenarios where you need to appoint a DPO under GDPR:
As you can see, most businesses don’t need to appoint a dedicated DPO. BusinessBrew can advice in the case you do not need a DPO or if your DPO needs support in translating policy into workable marketing activities.