changes in eu data protection regulations and the impact on your email marketing
TRANSCRIPT
@adestra adestra.com
Changes in EU Data Protection Regulations and the Impact on your Email Marketing
@adestra adestra.com
Welcome!
• You can hear us, we can’t hear you• There will be time for questions at the end• Tweet us @adestra• Not legal advice
@adestra adestra.com
We have been providing enterprise-level digital marketing technology solutions to organizations around the globe since 2004. Our clients trust our proven email, automation, social, and mobile marketing technology to deliver successful and cutting-edge marketing programs to their valued customers.
We were founded on the principle that marketing success takes more than technology, and that’s why customer service is at the heart of our business. We’re not just Software as a Service, we’re Software AND a Service.
About Adestra
@adestra adestra.com
@adestra adestra.com
Introducing AdestraPage 4
Our obsession is to make our customers successful by delivering the right email-driven technology and awesome customer service.
We bring clarity to complexity.
@adestra adestra.com
Hello!
Antony Humphreys M IDMKey Account Manager
@antony_adestra
@adestra adestra.com
What we’ll cover
• Current Legislation • A brief history of Data Protection• Where are we now• How we got here
• What is changing• 4 key elements
• Tips to help you get ready
@adestra adestra.com@adestra adestra.com
What the ICO says
Page 7
@adestra adestra.com
Page 8
Christopher Graham – Information CommissionerOnly Marketing Specifically requested can be regarded as solicited
Don’t’ Panic – new regulations are basically the current directive with added detail plus good practice given statutory recognition.
@adestra adestra.com
Page 9
Christopher Graham – Information CommissionerOnly Marketing Specifically requested can be regarded as solicited
Don’t Panic – new regulations are basically the current directive with added detail plus good practice given statutory recognition.
@adestra adestra.com@adestra adestra.com
Current Legislation
Page 10
@adestra adestra.com
A brief historyPage 11
Data Protection Act 1984 (repealed 1.3.2000)
@adestra adestra.com
A brief historyPage 12
Data Protection Act 1984 (repealed 1.3.2000)
Data Protection Directive 95/46/EC ("Directive") - 1995
@adestra adestra.com
A brief historyPage 13
Data Protection Act 1984 (repealed 1.3.2000)
Data Protection Directive 95/46/EC ("Directive") - 1995
@adestra adestra.com
What is a DirectivePage 14
A directive is a legal act of the European Union, which requires member states to achieve a
particular result without dictating the means of achieving that result. Directives normally leave member states with a certain amount of leeway
as to the exact rules to be adopted.
@adestra adestra.com
A brief historyPage 15
Data Protection Act 1984 (repealed 1.3.2000)
Data Protection Directive 95/46/EC ("Directive") - 1995
Data Protection Act 1998
@adestra adestra.com
Page 16
The Data Protection Act 1998 (DPA) is based around eight principles of ‘good information handling’.Don’t’ Panic – new regulations are basically the current directive with added detail plus good practice given statutory recognition.
@adestra adestra.comadestra.com
8 Principles of Data Protection
Personal data:1. shall be processed fairly and lawfully2. shall be obtained only for specified and
lawful purposes3. shall be adequate, relevant and not
excessive4. shall be accurate5. processed for any purpose or purposes shall
not be kept for longer than is necessary6. shall be processed in accordance with the
rights of data subjects under this Act7. appropriate technical and organisational
measures shall be taken 8. shall not be transferred to a country or
territory outside the European Economic Area
Schedule 1 of the DPA 1998
Source: https://ico.org.uk/for-organisations/guide-to-data-protection/data-protection-principles/
@adestra adestra.com
A brief historyPage 18
Data Protection Act 1984 (repealed 1.3.2000)
Data Protection Directive 95/46/EC ("Directive") - 1995
Data Protection Act 1998
Privacy and Electronic Communications Regulations 2003 (PECR)
@adestra adestra.comadestra.com
4 Specific areas for PECR 2003
• marketing calls, emails, texts and faxes• cookies (and similar technologies)• keeping communications services secure and• customer privacy as regards traffic and
location data, itemised billing, line identification, and directory listings
@adestra adestra.com
A brief historyPage 20
Data Protection Act 1984 (repealed 1.3.2000)
Data Protection Directive 95/46/EC ("Directive") - 1995
Data Protection Act 1998
Privacy and Electronic Communications Regulations 2003 (PECR)
EU Regulation Data Protection xxxx? (aka General Data Protection Regulations)
@adestra adestra.com
A brief historyPage 21
Data Protection Act 1984 (repealed 1.3.2000)
Data Protection Directive 95/46/EC ("Directive") - 1995
Data Protection Act 1998
Privacy and Electronic Communications Regulations 2003 (PECR)
EU Regulation Data Protection xxxx? (aka General Data Protection Regulations)
@adestra adestra.com
What is a RegulationPage 22
A regulation is a legal act of the European Union that becomes immediately enforceable
as law in all member states simultaneously
@adestra adestra.com@adestra adestra.com
So where are we now?
Page 23
@adestra adestra.com
So where are we nowPage 24
Source:http://www.insideprivacy.com/international/european-union/the-eu-data-protection-regulation-after-3-years-of-negotiation/
@adestra adestra.com
So where are we nowPage 25
• Negotiations to be completed by the end of 2015
• Final Documentation and approval- possibly Mid – 2016
• There is likely to be a 2 year grace period
• Go-live some time in 2018
Source:http://www.insideprivacy.com/international/european-union/the-eu-data-protection-regulation-after-3-years-of-negotiation/
@adestra adestra.com@adestra adestra.com
What could be Changing?
Page 26
@adestra adestra.com
4 Changes that may happenPage 27
1. Regulation not Directive2. Explicit Consent
• Opt-in (B2C/B2B) to receive e-comms, to be profiled
3. Legitimate Interest• Marketing of similar processes, postal marketing & B2B• Interest of brand vs consumer
4. Documentation/Proof of Consent• What did Data Subject consent to specifically• How did the Data Subject consent
@adestra adestra.com@adestra adestra.com
Tips to get ready
Page 28
@adestra adestra.com@adestra adestra.com
Explicit Consent
Page 29
@adestra adestra.com
Tips | Explicit ConsentPage 30
“Openness and Honesty is Key”- Julia Porter, Head of Data Protection, Guardian and
- DMA chair on Data Protection
@adestra adestra.com
Tips | Explicit ConsentPage 31
• Brands want Data Subject’s data• Data Subject will give data if they trust the brand• They will trust that brand if they are informed of:
• What is being collected• Why it is being collected/how it will be used• And how they can change or stop collection/processing
@adestra adestra.com
Tips | Explicit ConsentPage 32
Source: http://www.theguardian.com/info/video/2014/sep/08/guardian-privacy-policy
@adestra adestra.com
Best Practice | Explicit ConsentPage 33
We want this because…And we will do this with it…
Preference Centres• Prominent position• Hover-overs to explain why • Only ask for information you
need• Give opportunity to Data
Subjects to update/remove data
@adestra adestra.com
Best Practice | Explicit ConsentPage 34
Register
Confirm
Record
Update
Confirm
RecordDouble Opt-in• Use on all sign-up forms• Record the process
http://www.adestra.com/term-week-double-opt-in/
@adestra adestra.com@adestra adestra.com
Documentation
Page 35
@adestra adestra.com
Best Practice | DocumentationPage 36
• Data Controllers to prove consent• Data Processor keep records of:
• Sign-up• Double opt-in• Changes to preferences
@adestra adestra.com@adestra adestra.com
Questions
Page 37
@adestra adestra.com
Thank youFor more information please contact us:
+44 (0)1865 24 24 24 or email [email protected]
@adestra adestra.com