In October I wrote a blog about the introduction of new data regulations that will come into force for UK and EU businesses on the 25th May 2018. If you’ve not read it and you don’t know what this is all about, I’d recommend that you do as it should help to reassure you what needs to be done to limit your risk as a business and as a company director/data controller. It will also help you appreciate the associated risks of buying in any consumer data, namely fines imposed of up to 20 million Euros.
I for one am personally delighted to see the new regulations coming into force, but I can also see that it will be quite a headache for many companies to attempt to resolve. It may also mean that for lots of consumer facing businesses that they may simply have to wipe thousands of data records from their systems if they can’t confirm precisely which sources they initially came from even if they were reassured by the selling bureau that permission had been given by the recipient to re-use it. For those companies that have purchased cold list data from bureau’s that may be a bitter pill for some firms to swallow, but what’s the alternative if fines can be imposed by the Data Protection Commissioner for companies who continue to misuse it? Given the ‘quality’ of the data bureau campaigns I continue to receive at my business I continue to have grave doubts about the relevancy and validity of much of this data. Except I have noticed one thing and that is that I appear to be receiving more offers of data than I’ve ever had before. I suspect that as an individual who fits somewhere between being cynical or wise, that these bureaus may be selling off their ‘quality’ data as a bit of a last hurrah, another chance to cream some profit from something that has long had little value, but maybe that’s just me?
The new regulations should ensure that list rental companies will now have to be far more robust and circumspect in collecting data from various sources before they claim as one organisation did across several mailshots to me that;-
- ‘It’s direct marketing, it’s not rocket science’
- ‘Can you trust the source’
- ‘Is it ready to use’
- ‘We take our data very seriously; one example is our XYZ of products; they are widely regarded as the pinnacle of UK data’.
If only I could have believed them but addressing my business mail to a hybrid of our former registered office and trading address would suggest I can’t, especially given that a large part of the address which they retained was outdated by some seven years, perhaps it is rocket science after all!
So I would suggest a note of caution if your company is planning to purchase any ‘cold list’ data, either before or after 25th May 2018 as this data may not be yours to own, hence why starting a process to review what you hold makes sense now rather than leaving it until May 2018. However, before you shout ‘foul’, if your business has been running for some time then thank yourself lucky that your already have a customer base. For those who are considering starting a business after the 25th May 2018 they’ll most likely find it all the harder to accomplish.
The new rules affect any data (both B2C and B2B) that can identify a person (such as unique identification numbers, location and transaction data and of course specific names). You should only retain this data if you can prove you are fully entitled to do so. Privacy should be an inherent part of the design of any future database development model and if it’s not then you still have more work to do, but if you accept and fulfil this commitment then you will be well on the way to meeting the proposed Regulations.
If you would like to have a conversation with me about how you can improve in this area, I’d be delighted to listen to you. You’ll find the contact details on our website at http://www.genesisdm.co.uk/contact.asp .