GDPR and Data Privacy in the EU - A Rhetorik Guide for B2B Technology Marketers
- 1. GDPR and Data Privacy in the EU - A Guide for US B2B Technology Marketers Samantha Magee Kevin Savage
- 2. Key Points • Direct Marketing is possible with the GDPR • Opt-ins and Consent or Notifications and Legitimate Interest • Other EU legislation • Tips for B2B compliance from a DPO perspective
- 3. $450bn
- 4. Legal Bases Consent Contract Legal Obligation Vital Interest Public Task Legitimate Interest
- 6. Myth 1 – The end of Direct Marketing Recital 47: The legitimate interests of a controller, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller. (…) The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.
- 7. Myth 2: Massive fines
- 8. Myth 2: Massive fines “I have no intention of changing our proportionate and pragmatic approach. Hefty fines will be reserved for those organisations that persistently, deliberately or negligently flout the law.” Liz Denham, Information Commissioner
- 9. How does this affect B2B Marketing? Suspects Prospects Clients
- 11. UK – Privacy & Electronic Communications Regulations 2003 • GDPR is about the PROCESSING not the PROCESS • Email, as one form of direct marketing, is a PROCESS • PECR gives us the OPT-IN / OPT-OUT rules • OPT-IN is required for INDIVIDUALS, SOLE TRADERS and some PARTNERSHIPS • OPT-OUT is open to CORPORATE BODIES and PERSONAL CORPORATE EMAIL users
- 12. GDPR and Data Privacy in the UK – PECR Source – GDPR for marketers: Consent and Legitimate Interests – page 21 Direct Marketing Association
- 13. Data Privacy around the EU Country Legislation Belgium The Code of Economic Law, and the Royal Decree of 4 April 2003 (advertising by email) France Article L. 34-5 of the Code of Post and Telecommunication and Article L.121-20-5 of the Consumption Code Germany The German Act Against Unfair Practices 2004 (UWG) and the revised German Telecommunications Act Ireland The European Communities (Electronic Communications Networks and Services) Regulations 2011 (the “2011 Regulations”) Italy Protection of Personal Data Consolidation Act (Data Protection Code - Legislative Decree No. 196 of 30 June 2003) & Legislative Decree nr. 69/2012 Netherlands Telecommunicatiewet Spain Law 34/2002 on information society services and electronic commerce (LSSI) UK The Privacy and Electronic Communications (EC Directive) Regulations 2003
- 14. Opted out? Y E S DO NOT EMAIL NO In Finland, France, Ireland, Portugal, Sweden, UK? NO Opted in? EMAIL Y E S N O Y E S STARTHERE
- 16. How does this apply to Rhetorik? NetFinder Technology Database Personal Data (Business Card Information) Firmographics, Technographics, Purchasing Indicators
- 17. How does this apply to Rhetorik? • Data minimization • Impact • Notification • Transparency • Reasonable Expectations
- 18. What does this mean for B2B Technology Marketers? • Suspects – legitimate interest, reasonable expectation, transparency • Prospects – reasonable expectation; consent • Clients – contract, legitimate interest, reasonable expectation, data minimization, transparency
- 19. Questions to ask of your Data Provider • What personal data do they control? • Is it collected lawfully? • What is the legal basis being used for it? • Is it up to date? • How can I use it lawfully?
- 20. How does this apply to Rhetorik clients? • Your legal basis - Legitimate interest or consent? • Legitimate Interest Assessment • Transparency – notification, right to object • Suppression lists – maintaining compliance • Opt-ins – when does our data become your data?
- 21. Thank You info@rhetorik.com +44 (0)118 989 8580