Tag Archives: Data Protection Act

Data protection for dummies (I wish)

As a responsible marketer I’m sure you’re aware of the Data Protection Act 1998 and no doubt also the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR is easier to say) but do you really know what your responsibilities are in light of them?Tick to opt-in

The Information Commissioner’s Office (ICO) decided last September that we all needed a bit of guidance to help us understand the laws and so published the Guidance on Direct Marketing. Helpful…but still 45 pages long. The Direct Marketing Association decided to help out and published their own guidance on the guidance, which is well worth reading, and I thought I’d try and list some of the key points to help us all. Bear in mind this relates specifically to electronic communications (email and SMS predominantly) covered in the PECR.

  • It covers only marketing messages NOT those that are transactional, service announcement, billing information etc.
  • The PECR doesn’t apply if the customer has approached you about services/products but it DOES apply if they have opted-in.
  • Don’t pre-tick opt-in boxes – customers should take some positive action to say they want to sign up
  • Third party consent? Best practice is to conduct mailings to customers who have opted in on behalf of the third party NOT to provide the contact details to the third party
  • Consent lasts for six months – if they have been receiving messages and haven’t unsubscribed that’s considered up to date but if they haven’t been mailed for over six months since signing up then you should regain consent
  • If someone unsubscribes you have 28 days in which to suppress them from all lists. Note the term ‘suppress’ – you shouldn’t delete them as you need to check you don’t mail them again
  • Your opt-out must be clear on every communication
  • The ICO does have the power to take enforcement action if you don’t comply, including imposing fines of up to £500,000
  • The laws still apply even if you are not-for-profit

It should be noted that the PECR also covers telephone calls but I haven’t covered them here. If you employ telemarketing services you should definitely read the Guidance and take note of the telephone section.

Why all this interest in electronic communications all of a sudden? Well, it’s the main method of contacting customers these days and the PECR rules are stricter than for traditional paper-based comms.

Best advice…get up to speed, know what the rules are and stick to them.

Are You Protecting Your Customers’ Data?

Looking after our customers’ data has been high up on any good marketers list for a long time. The Data Protection Act 1998 has ensured of that. But these days ‘data privacy’, as it’s becoming known, is vital to gaining and keeping new customers.

Is your privacy policy easy to find?

It’s simple – you want customers’ data so you can market to them appropriately. But customers aren’t stupid anymore; they’re aware of their rights and what the implications are of handing over their contact details (and more). But that doesn’t mean no one wants to hand over personal details – quite the opposite actually! People are quite happy to share their information with you BUT you need to gain their trust first.

“What’s in it for me?” – you need to tell them why you want the info and what you’ll do with it. They’re only too happy to share it if you’re going to personalise the emails you send them

“Who else are you giving it to?” – be honest and transparent if you intend to share their details with anyone else. And give them the option to opt out.

“Show me your policy so I can trust you” –have your privacy policy easy to find on your website and make it easy and clear to understand. Here’s mine>>

Personally I’d say it’s better not to sell details to other companies and this is borne out by the recent Customer Acquisition Barometer 2014, which found that 85% of people will only share their details if it’s made clear that only the company collecting them will use them. Wow, that’s a lot of people!

43% surveyed preferred email as their channel to sharing information, closely followed by the brand’s own website.

So what does all this mean for you?

  1. Acknowledge and embrace the fact that data privacy is not just a tick box n forget exercise
  2. Review your data emails and websites
  3. Make sure your privacy policy is up to date, easy to understand, find and accurate
  4. Make sure you’re clear when asking for information as to why and what you plan to do with it
  5. Provide a preference centre for people to manage their data rather than a simple unsubscribe – people might not want to receive all your emails but if you don’t give them the option to select which ones they do want they’ll simply unsubscribe to everything
  6. Only collect the data that you really need – I have bailed out of numerous forms recently because I got bored answering irrelevant questions. Do you really need to know their middle initial/title/favourite colour?
  7. Make sure what you’re offering customers in return for their data really is of value to them

Your customers’ data is precious, look after it. After all, how do you feel when your own data isn’t cared for?