Data protection for dummies (I wish)

As a responsible marketer I’m sure you’re aware of the Data Protection Act 1998 and no doubt also the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR is easier to say) but do you really know what your responsibilities are in light of them?

The Information Commissioner’s Office (ICO) decided last September that we all needed a bit of guidance to help us understand the laws and so published the ‘Guidance on Direct Marketing’. Helpful…but still 45 pages long. The Direct Marketing Association decided to help out and published their own guidance on the guidance, which is well worth reading, and I thought I’d try and list some of the key points to help us all. Bear in mind this relates specifically to electronic communications (email and SMS predominantly) covered in the PECR.

• It covers only marketing messages NOT those that are transactional, service announcement, billing information etc.
• The PECR doesn’t apply if the customer has approached you about services/products but it DOES apply if they have opted-in.
• Don’t pre-tick opt-in boxes – customers should take some positive action to say they want to sign up
• Third party consent? Best practice is to conduct mailings to customers who have opted in on behalf of the third party NOT to provide the contact details to the third party
• Consent lasts for six months – if they have been receiving messages and haven’t unsubscribed that’s considered up to date but if they haven’t been mailed for over six months since signing up then you should regain consent
• If someone unsubscribes you have 28 days in which to suppress them from all lists. Note the term ‘suppress’ – you shouldn’t delete them as you need to check you don’t mail them again
• Your opt-out must be clear on every communication
• The ICO does have the power to take enforcement action if you don’t comply, including imposing fines of up to £500,000
• The laws still apply even if you are not-for-profit

It should be noted that the PECR also covers telephone calls but I haven’t covered them here. If you employ telemarketing services you should definitely read the Guidance and take note of the telephone section.

Why all this interest in electronic communications all of a sudden? Well, it’s the main method of contacting customers these days and the PECR rules are stricter than for traditional paper-based comms.

Best advice…get up to speed, know what the rules are and stick to them.

Love your customers and they’ll love you back

Just a quick post to share a good infographic that I’ve just been sent on customer acquisition… Customers will share their data if they trust you and know why you’re collecting, what you’re going to do with it and that you’ve got a clear privacy policy.

They also trust email the most. How’s your email marketing strategy?

Are You Protecting Your Customers’ Data?

Looking after our customers’ data has been high up on any good marketers list for a long time. The Data Protection Act 1998 has ensured of that. But these days ‘data privacy’, as it’s becoming known, is vital to gaining and keeping new customers.

It’s simple – you want customers’ data so you can market to them appropriately. But customers aren’t stupid anymore; they’re aware of their rights and what the implications are of handing over their contact details (and more). But that doesn’t mean no one wants to hand over personal details – quite the opposite actually! People are quite happy to share their information with you BUT you need to gain their trust first.

“What’s in it for me?” – you need to tell them why you want the info and what you’ll do with it. They’re only too happy to share it if you’re going to personalise the emails you send them

“Who else are you giving it to?” – be honest and transparent if you intend to share their details with anyone else. And give them the option to opt out.

“Show me your policy so I can trust you” –have your privacy policy easy to find on your website and make it easy and clear to understand. Here’s mine>>

Personally I’d say it’s better not to sell details to other companies and this is borne out by the recent Customer Acquisition Barometer 2014, which found that 85% of people will only share their details if it’s made clear that only the company collecting them will use them. Wow, that’s a lot of people!

43% surveyed preferred email as their channel to sharing information, closely followed by the brand’s own website.

So what does all this mean for you?

1. Acknowledge and embrace the fact that data privacy is not just a tick box n forget exercise
2. Review your data emails and websites
3. Make sure your privacy policy is up to date, easy to understand, find and accurate
4. Make sure you’re clear when asking for information as to why and what you plan to do with it
5. Provide a preference centre for people to manage their data rather than a simple unsubscribe – people might not want to receive all your emails but if you don’t give them the option to select which ones they do want they’ll simply unsubscribe to everything
6. Only collect the data that you really need – I have bailed out of numerous forms recently because I got bored answering irrelevant questions. Do you really need to know their middle initial/title/favourite colour?
7. Make sure what you’re offering customers in return for their data really is of value to them

Your customers’ data is precious, look after it. After all, how do you feel when your own data isn’t cared for?

Should we have the Right to be Forgotten?

There’s an argument brewing between Britain and the EU. Yes, I know it’s hardly unusual but what is that, for once, it’s not the EU trying to add layers of red tape. It’s Britain!

Let me try and explain…

There is currently a review of the European Data Protection regulation, which aims to stick up for the 500 odd million citizens living across the EU and make sure companies don’t sell, lose, share or use our personal data in a way we wouldn’t want.

Part of the review is looking at Article 17, which is the Right to be Forgotten. The EU Commissioner’s Office has created this article in an attempt to manage how social media sites (yes you Facebook) store and use information about us. Right now, you can’t easily get any information removed unless it is ‘incomplete or inaccurate’. But those (for once) good eggs in Europe want to change this and make it easier for citizens to request removal of information by giving us the right to be forgotten.

This is essentially removing red tape and creating one clear rule across all EU countries. But weirdly I’ve read in the Guardian that the Ministry of Justice wants to add red tape, not take it away. They want 27 rules, one for each of the 27 countries.

This rule is going to be hard enough to enforce without the MoJ adding to it. Basically, you will have the right to request removal of information but if that information has been passed onto a third party supplier the site that sold it on will need to ask (they cannot force) for it to be removed.

Complicated? Yes. But does that mean we should give up and stand against it at the first hurdle?

I might be a marketer but I do actually see a benefit to this; I only want to use customer’s information that they are happy for me to use. As a consumer I also want to know that if I want a photo of me drunk at university taken down from Facebook then I can do that.

Not that there are any photos of me drunk anywhere 😉

One last quote from lobby group Privacy International: “If you left a bank you wouldn’t like them to keep your data for ever.”

What’s so different about social media?

Becky

The Ironic Cookie (Law)

For anyone who is still trying to work out how best to adhere to last year’s cookie law changes don’t worry, you’re not the only ones!

As read on Chinwag’s blog today, the Information Commissioner’s Office (the very people who enforce the cookie law and data protection in the UK) has changed its mind as to its own website.

Back in May 2012 when the law became enforced the ICO took the strictest interpretation of the law; I know as I use their site and found massive banners that I couldn’t click away from without agreeing. Intensely annoying when that happens isn’t it…you just want to get to a certain page or click a certain button and this pesky banner keeps popping up in your face.

The problem was the ICO’s own web traffic then plummeted 90%!

No wonder they’ve now changed their approach to the ‘implied consent’ approach that I adopted for my own organisation.

Makes you smile doesn’t it.

Becky