Well May 25th has been and gone and like the millennium bug (remember that) our whole marketing software infrastructure hasn’t imploded. At Napier we ran our own internal Data Protection Impact Analysis (DPIA) project to establish what we needed to do to meet the obligations of the incoming GDPR regulations.
We assessed our inbound and outbound data flows, which of the 6 types of legitimate interest we had for processing data, forms and preferencing centre for our own marketing activities and lastly updated our policies the procedures accordingly to deal individuals rights.
It’s been a good exercise for making sure we have the correct systems and processes in place many of which haven’t changed from the previous data protection laws.
In B2B marketing there has been much debate about whether you need to have consent to send email communications or its better to use one of the other legitimate interests; contract, vital interest or, direct marketing.
If you have used direct marketing as your legitimate interest, don’t think you can rest on your laurel’s as there is another set of regulations to consider.
Going by the snappy name PECR, the Privacy and Electronic Communications (EC Directive) Regulations governs email marketing. Originally implemented in 2003 as an EC directive. Being a directive, the UK can choose how it gets implements and it currently allows businesses the freedom to email other business. It was updated in 2018 by the incoming GDPR regulations as the definition of consent has changed, with the new version of PECR called ePR, but more importantly the EU wants to further update/upgrade it in 2020.
The EU want to upgrade it to a regulation whereby all EU countries are obliged to implement it. It could mean the end of email marketing based on legitimate interest and only allowing email marketing by consent. Like GDPR, if ePR is ratified before the exit it will become part of the package of EU laws that are in the UK’s withdrawal bill.
So, if you decided on direct mail as your legitimate interest to process your data to carry on sending emails you might want to spend the next two years thinking about how to transition your activities to a consent based approached in readiness in case ePR becomes a regulation.