When it comes to European data protection, things are changing faster than ever! The countdown has officially started for the GDPR (General Data Protection Regulation), with this coming into force on 25 May 2018. This will bring in greater protection for consumers, giving them more control over how their personal information is collected, stored, shared and used.
In the UK, the ICO will be stronger in their enforcement of the GDPR, meaning marketers will need to ensure they comply with the laws before the deadline date. What many companies fail to realise is that collecting consumer information for email marketing campaigns in particular is valuable, however it’s easy for this information to be neglected. One area where companies can, and are, abusing the value of data is within their deployment of privacy information and notices to individuals. Many companies use their privacy notice as a device to hide or mask their true intentions of how they’ll use an individual’s data. However, with the new GDPR, this must change.
Companies will now no longer be able to hide information in their privacy notices or use any technical or ambiguous wording. The GDPR requires complete transparency and fairness, so that the individual knows exactly how their data will be used.
If you look at your privacy notice, are you completely transparent? Do you tell the individual exactly what you’ll do with their data? Would they be surprised to learn that you use their data in the way that you do?
By now, you’re probably realising that you need to revisit it and make a few changes… or even start from scratch!
The GDPR states all processing of information must be transparent and in order to carry out transparent processing “it should be transparent what data is collected and used” and “for what specific purposes” the data is collected for. This means you must think about your privacy notice as a whole, so not just your policy but the information you provide at the point of data collection. The easiest way to do this is to use a layered privacy notice.
This type of privacy notice usually contains three layers.
Layer 1 – The short notice. Includes the minimum information, can explain the purpose of processing data, the identity of the data controller and a link to more privacy information. The example below shows a simple statement that sets the individual’s expectations when signing up to an email newsletter.
Layer 2 – The condensed notice. Explains the basic principles that are usually less than one page or segmented into small segments. This should remain simple, but give more detail than layer 1. You can see in the example below that the information provided is enough to give an individual greater insight into how their data will be used however, more information is available.
Layer 3 – The full notice. Where you give all information needed and should cover every way in which you process data. Layer 3 should also include links to the full policy notice like the example below.
The layered approach increases the public’s understanding of privacy and data protection without overwhelming them with pages of ambiguous information. A huge part of data protection is fairness and transparency so in order to be fair and transparent to the public, you need to provide all the information they need in an easy and understandable way, which is why the layered approach is fast becoming the preferred method of conveying that information.
Another reason to get your privacy notice in shape is to ensure your consent for processing is valid. In order to process information you need consent and the GDPR states that consent is
“The individuals freely given, specific, informed and unambiguous indication, either by a statement or by a clear affirmative action, signifying their agreement to their personal data being processed”
The easiest way to get an “informed and unambiguous indication” from the individual is to make your privacy notice as clear and transparent as possible. This leaves the individual knowing exactly what to expect which in turn means you’re protected against any complaints that may be made regarding your processing of information.
The last thing to consider before making changes to your notice is to understand how you exactly collect, use and store data. How can you be completely transparent in your privacy notice if you don’t know what you do with the data you collect? To get a clear understanding of the changes, you need to do some investigating on how the GDPR will work and how it will affect your company.
Your privacy notice is a way of communicating privacy information to individuals so you can protect yourself against any complaints that are made, or completely remove the need to complain by making it easy to understand. With this in mind, are you ready for the changes and is your privacy notice up to scratch?
Thanks to Ash Wood for sharing her advice and opinions in this post. Ashleigh Wood is the Information Governance Officer within the compliance team at Communicator, focusing on internal and client information governance. You can follow her on Twitter
By Ashleigh Wood
This blog post has been tagged with:
Implications of the GDPR for marketing in UK and EuropeTurbocharge your results with this toolkit containing 11 resources
The Digital Marketing Strategy And Planning toolkit contains:
Start your Digital Marketing Plan today with our Free membership.
Recommended Blog Posts
Discover how to use our customer journey mapping template to create actionable insights to improve your marketing In today’s digitally connected world, customers have a myriad of choices when it comes to connecting with brands and businesses. There are many …..
Our guide to creating a SWOT matrix analysis to prioritize digital marketing strategy with the TOWS technique A SWOT analysis is an essential part of any business or marketing plan. It allows you to create a plan of action based not …..
It’s not enough to create buyer personas and leave them getting dusty on the shelf. Find out how to apply customer personas to inform each stage of your marketing strategy What are marketing personas? Customer or buyer personas are fictional …..
