Regulations relevant for marketers

Privacy and data security is no longer a matter for just IT and legal teams. Sales & marketing play an active part in how data is generated and processed through our active lead generation and nurturing. 

Just about everyone in marketing has now heard about GDPR and some people are actively working towards compliance. BusinessBrew is here to help with GDPR training, support and knowledge in clear language that will ensure you can run compliant marketing campaigns going forward. 

We ensure that existing regulations like the ePrivacy directive (aka "The Cookie Law") are adhered to as well as the upcoming GDPR. 

What is GDPR?

Simply put, by 25 May 2018 all companies working within the European market have to be compliant with a new set of data privacy regulations known as GDPR or General Data Protection Regulation.

The European Union accepted GDPR in April 2016 and aims to give individual more options to control how their data is held by organisations. The deadline given to companies to comply is 25 May 2018. In addition, you must have processes ready to handle data requests from any individual.

For some organisations (those whose core business entail processing personal data or those who are (part of a) governmental organisation, it may mean having ot appoint a Data Protection officer.

GDPR affects your entire organisation: IT and your systems, legal and of course marketing and sales. The bottom line, not only is there a lot to consider but you need to get started today to ensure your business is compliant well before the deadline hits.

Read more about what GDPR means for inbound marketing teams here or read how you can get started working on GDPR compliant campaigns here.

Does GDPR apply to my business?

If you don’t handle any data from Europe and are not based in the EU, GDPR won’t affect you. However, even businesses outside of the EU who handle personal data of data subjects who are in the Union must comply. 

Now you ask, is this a good thing? Does it cause trouble for me as an Inbound Marketer? In our opinion, it is a good thing and if you stick to the inbound principles (#purist) preparing for GDPR compliance should be a manageable process.

Varnish Software Logo.png

"BusinessBrew's GDPR Workshop sheds a light on all the different nuances of GDPR. It helped put the marketing and sales team at ease about doing business in a new GDPR era and even be excited about what it brings." Hildur Smaradottir, VP Marketing 

How can BusinessBrew help towards GDPR and ePrivacy compliance?

BusinessBrew specialises in getting sales and marketing teams ready for GDPR. 

GDPR online course for marketing & sales

This online self-learning course will help you to understand the legislation work towards compliant online lead generation and inbound marketing.



GDPR workshop for marketing & sales

A full day customised workshop where we help your teams understand how to the GDPR will apply to your business and prepare you for documenting your data processes. 


GDPR support

Ensure your business has the right support when implementing the GDPR from data processing inventories, risk analysis to ensuring ongoing compliance. 


Digital22 GDPR .png

"Nikita took a complex and controversial subject and delivered a laid back, inviting and, of course, informative talk. GDPR is a subject which is filled with ambiguity and therefore her common sense approach was a breath of fresh air. We received great feedback from everyone we spoke to about her talk." Rikke Lear, Director

GDPR concerns for marketing teams

The GDPR affects the entire organisation. Marketing teams tend to get hit first as we collect, segment and analyse personal data every day.

Your marketing team has to be ready to take care of the following:

1. Handle requests from individuals to understand how their data is being held.

2. Be able to show how and when consent was obtained.

3. Allow individuals to withdraw consent easily and at any time.

4. Provide clarity to data subjects. 

5. Provide language around your data collection and processes that is clear and written in normal (i.e. human, not law specialist) language.

6. Must execute requests from individuals “without undue delay and at the latest within one month of receipt of the request”.

7. Report a security breach “leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.

In short, marketing is for many organisations the first point of contact. Here, data is first collected and stored; most likely marketing will also work on the processes and responses to data requests and communication around data breaches.

If you want to get to work, download our GDPR checklist for marketing teams.

GDPR Checklist for Marketing

Inbound marketing and ISO certified GDPR specialists 

We are ISO certfied GDPR specialists as well inbound marketing experts. 

Here the background on our certification: The International Association of Privacy Professionals (IAPP) is the largest non profit organisation that brings together the people, tools and information management practices we need to stay up to date with the fast moving information economy. The CIPP is the global industry standard for professionals in the field of privacy. With the CIPP/E credential we show that we understand the principles-based framework and knowledge base in information privacy within the European context, including critical topics like the EU-U.S. Privacy Shield and GDPR. The certification is accredited by the American National Standards Institute (ANSI) under the International Organization for Standardization (ISO) standard 17024: 2012.

It was important for us to get trained and certified so we can guarantee you we are up to date on best practices for privacy and data security when advising you on your marketing strategy.

We are uniquely positioned to support you in building ePrivacy/ PECR / GDPR compliant marketing campaigns because we combine our inbound marketing experience with data privacy insights.

CIPP-E_Seal Certified Information Privacy Professional Europe.png

What is ePrivacy or PECR?

The directive has been in place since 2002 and has been updated as a proposal text in January 2017 is by many marketers knows as ‘the cookie law but it covers much more than that. The Directive on Privacy and Electronic Communications (Directive 2002/58/EC and the 2009 update, Directive 2009/136) concerns electronic communications and the right of confidentiality, data and privacy protection. Electronic communication covers websites, email, text messages, advertising, apps, IoT devices...

PECR contains a specific set of rules for:

  • Marketing calls, emails, texts and faxes
  • Cookies and similar technologies
  • Keeping communications services secure
  • Customer privacy as regards to traffic and location data, itemised billing, line identification, and directory listings.

2017 update to PECR

The 2017 update to PECR is good news for us marketers. It not only requires popular messaging systems such as Facebook Messenger, WhatsApp and Skype to adhere to the regulations, but it also clarifies some of the, previously more complicated, aspects of the regulation

On top of that, the EU is replacing the ePrivacy directive with a directly applicable regulation which means that we only have to deal with one set of rules instead of 28 different ones.  Read more about the proposed 2017 update here.

EU factsheet on 2017 PECR.png

Do you need a Data Protection Officer?

You may have heard that you need a Data Protection Officer or a DPO under GDPR. This isn’t necessarily the case. There are three scenarios where you might need to appoint a DPO under GDPR if:

  1. The processing is carried out by a public authority;
  2. The core activities of the controller or processor consist of processing operations which require regular and systematic processing of data subjects on a large scale; or
  3. The core activities of the controller or processor consist of processing on a large scale of sensitive data (Article 9) or data relating to criminal convictions / offences (Article 10).

As you can see, most businesses don’t need to appoint a dedicated DPO. BusinessBrew can advice in the case you do not need a DPO or if your DPO needs support in translating policy into workable marketing activities.

Get in touch.

You know you have to work on GDPR compliance but are not too sure what should be on your to-do list and how to get there? Leave us a note here and we'll get back to you.