How can GDPR compliance benefit your charity’s marketing function? For those who aren’t prepared for the new legislation, should you be expecting penalties? The DMA’s Director of Policy and Compliance, John Mitchison, explains.
Recently published research by the DMA, titled ‘GDPR & You Chapter 5’, found that awareness of GDPR is at its highest level yet – individuals and organisations feel more prepared than ever. Despite this, one in five feel their organisation will not be ready to comply with GDPR by 25 May 2018. Given that a sizeable number of organisations may not be ready in time, what response can they expect from the UK’s data regulator, the Information Commissioner’s Office (ICO)?
GDPR will significantly change how you interact with your stakeholders for the better. From 25 May, organisations and charities will need to comply with the new data protection regulations if they have any dealings with companies or consumers in EU member states (including the UK).
A pragmatic approach
At a recent GDPR roundtable hosted by the DMA, the ICO stated that they will be “pragmatic” and wanted to assure people that hefty fines won’t be issued come 25 May. Richard Sisson, Senior Policy Officer at the ICO, emphasised that if “you can show that you are working towards compliance – we may not be entirely happy all the time, but we will take those things into consideration.” He was keen to stress that for those organisations and charities still working through compliance and worried about the impending deadline, the ICO would investigate on a case-by-case basis and take many factors into consideration before handing out penalties.
Being a small business doesn’t mean you fall out of the GDPR scope. It’s recognised that small businesses have fewer resources and pose less of a risk to data protection, so there may be more leniency by the ICO in relation to any non-compliance - but you must ensure you do everything possible to be compliant.
Building new relationships
GDPR is a great opportunity to build new relationships, based on trust and transparency with your stakeholders. As highlighted by the DMA’s Code of Practice, organisations should be clear and transparent with their users and let them decide how their personal data will be used in the future – this is the perfect opportunity to implement such a culture within your charity. GDPR should be infused into your culture to build trust, improve the customer experience and demonstrate to consumers that their personal information is valued and respected – data sharing should be mutually beneficial. Getting GDPR right from the start will provide a range of benefits to both marketers and their respective charities.
Establishing trust is paramount to developing a sustainable data economy. In fact, according to the latest ‘Data privacy: What the consumer really thinks’ research conducted by the DMA & Acxiom, 54% of people ranked trust in their top three considerations for data exchange. Trust in an organisation remains the dominant prerequisite when engaging consumers within the data economy. Robert Bond, a partner at law firm Bristows, warned businesses at the DMA’s recent GDPR roundtable that once the rules kick in, he predicts a huge spike in consumers requesting access to their data. He said privacy groups will use this right to find out if organisations, large or small, are taking the appropriate actions. Clearly, it is best for you to proactively build consumer trust, rather than find yourselves recipients of a number of enquiries from concerned parties – which have to be responded to free of charge within one month.
By giving your stakeholders control over their data, with the option of opting in and out of services, this will help you to contact them with the right opportunities – it will also help them trust that the personal information you hold on them is accurate, consensual and in good hands. A data protection officer (DPO) can help, they are valuable roles that organisations are encouraged to create through GDPR, but are not compulsory for all - you can check here if you are unsure.
Incentives for data sharing
UK consumers demonstrate a growing interest in a range of incentives for data sharing, particularly personalisation, recommendations and access to exclusive events/content. For example, the ‘Data Privacy: What the consumer really thinks’ research also indicated that the number of people who claim they would be more likely to exchange their personal information in return for personalised products or services has risen from 26% in 2015 to 34% in 2018. In addition, the number of people who would be more likely to exchange data in return for personalised brand recommendations has increased from 20% in 2015 to 31% in 2018.
GDPR is much more than an issue of compliance and non-compliance. The benefits go far beyond the legal obligations and there are a number of opportunities available to those who seek them. As the evidence suggests, GDPR will make consumers much more likely to share their data and provide invaluable insights into their preferences, and even consumer behaviour in general. This in turn will help you to send relevant offers and tailored marketing that they have specifically opted for.
You now have a great opportunity to build trust with your stakeholders and create an environment where they appreciate that data sharing can be beneficial to all parties. It is now up to you to embrace GDPR’s principles of accountability, transparency, trust and respect in order to create a better consumer experience.
The ICO’s phone service is aimed at people running small businesses or charities. To access the new service dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support.
John Mitchison is Director of Policy and Compliance at the DMA. He will be speaking at the Legacy Strategy Summit on 14 June 2018 about the impact of GDPR on legacy fundraising. To find out more and to book your place, visit https://legacystrategysummit.com/