GDPR: is this your business advantage?
James Delves, Head of PR and Public Affairs.
From 25 May 2018 the General Data Protection Regulation (GDPR) comes into force and will automatically apply to businesses operating in the UK. GDPR is a legal requirement and every organisation that processes the personal data of EU citizens will need to comply. The UK’s decision to leave the EU will not affect the commencement of the GDPR. Since the aim is to give individuals greater control of their personal data, should compliance with this new directive be viewed as yet another administrative barrier to business success or a positive enabler for marketers?
Stanley Kubrick wrote the screenplay for Dr. Strangelove or How I Learned to Stop Worrying and Love the Bomb in the 60s to address widespread fear of a nuclear threat on the horizon. GDPR should certainly not be seen in the same category for marketers. Yes, it needs to be taken seriously, but it also brings many positives.
GDPR is designed to be Brexit-proof, so whatever the results of the current negotiations with the EU, UK marketers need to stand up and take notice. We at CIM feel that handling consumer data correctly is a business-critical issue. Done poorly, it could result in big fines – potentially up to €20 million or 4% of a business's global annual turnover (whichever is the greater).
But if data is handled correctly, it can provide a real business advantage, allowing marketers to reach the right audience, in the right way, at the right time – and after all, understanding customers and meeting their needs is fundamental to everything we do as marketers.
Less than 12 weeks away
Last month, the Financial Conduct Authority (FCA) and the Information Commissioner's Office (ICO) published an update on the General Data Protection Regulation, or as we know it, GDPR.
The update addressed a number of issues, such as new FCA rulings that require financial services firms to process personal data, and the possible effect this has on complying with GDPR. The joint statement mentions:
“We believe the GDPR does not impose requirements which are incompatible with the rules in the FCA Handbook. Indeed, there are a number of requirements that are common to the GDPR and the financial regulatory regime detailed in the Handbook. The requirement to treat customers fairly is also central to both data protection law and the current financial services regulatory framework. When the FCA makes rules, we take into account how our requirements will affect the privacy interests of individuals such as firms’ customers and employees, and are open and transparent on why we have made rules in the way that we have.”
The FCA, ICO and CIM all agree that GDPR compliance is a board-level responsibility. Organisations must embrace the new law and regulatory framework and be able to produce evidence to demonstrate that they have taken steps to treat customers fairly. However, both the FCA and ICO also pointed out that they recognise there will be ongoing discussions to ensure GDPR can be implemented consistently within the wider regulatory landscape.
Providing marketers with a voice
Both organisations recently hosted a GDPR roundtable, which provided industry bodies and organisations with a voice to explain concerns. The result was that the FCA and ICO have agreed to collaborate in the coming weeks and months to address the issues raised at the roundtable, in preparation for the introduction of the GDPR in May. Again, as we receive definitive answers or advice we will share them with our members.
Policing UK organisations
Also detailed in the update was how the ICO and FCA plan to share the role of monitoring and policing GDPR and the latest framework updates. The ICO will regulate the GDPR. The FCA also considers GDPR under the organisation's rules. An example of this would be the requirements in the Senior Management Arrangements, Systems and Controls (SYSC) module: as part of their obligations under SYSC, UK organisations should establish, maintain and improve appropriate technology and cyber resilience systems and controls.
How can CIM help?
CIM offers GDPR courses (both online and in person) at all career levels including: foundation, practitioner and at board level. See details of our one-day training course GDPR for the marketer.
CIM has partnered with e-learning specialists, Me Learning, and leading data security legal firm, Clayden Law, to develop a suite of online GDPR courses for a range of job roles. Taking around three hours to complete, you can efficiently train any number of staff at a low cost per person, with minimal disruption to their working day. So you can ensure everyone is prepared for 25 May 2018. For more information and to discuss group discounts, email training@cim.co.uk or call 01628 427360.
On Thursday 19 April 2018, Irwin Mitchell Solicitors will give an overview of key steps to GDPR compliance with a focus on the GDPR’s impact on digital marketing. This breakfast briefing takes place a short hop from London, beside Crawley train station, close to Gatwick Airport. See details and book your place.
Find out more information on GDPR and the courses CIM offers here.