There’s been a lot in the news lately about how privacy regulations are set to change on 6th April 2015. In essence the change means that proof of “substantial harm or substantial stress” caused by a breach is no longer necessary; the regulator can impose fines of up to £0.5m for a proven breach.
This is good news. There have been times (e.g. the Tetrus case in 2012) when there have been blatant breaches but the ICO has been unable to prove substantial harm or substantial stress and the perpetrators have got away with it on that legal technicality.
From the 6th April, those who don’t obey the privacy regulations will be fined, leaving those of us who do stick to the rules in a much better position.
But what of the future?
We have yet to see the end game in terms of the way that Data Protection Legislation will change in the future, but one thing is certain – it will change, and the rumour is that it will happen in 2016.
All parties involved in the decision-making are looking to create a Regulation as opposed to the current Directive. (The difference, for us non-lawyers, is that any Regulation will mean the same rules apply across Europe, whereas under the current Directive there has been room for interpretation by each member state).
Here in the UK, the Directive has been interpreted differently for B2C and B2B. Currently for B2B marketing there is no need for explicit consent in the UK, but in Germany the need for explicit consent for both B2B and B2C long-since killed the list provider industry in that country. Which view will win out when everyone meets to agree on the pan-European regulations?
The answer, at this stage, is that no-one knows.
There was, however, some comfort given recently at the DMA Data Protection conference when the Information Commissioner, Christopher Graham, told marketers not to panic, saying “If you do it right now, then there’s not a lot to fear.” He went on to explain that he feels “proud to put my faith in a pragmatic approach” and assured the audience that “the ICO is in the enabling business, not the denial business” wanting to “stop cowboys and enable good marketers to do their job”.
But how can we be sure we are “doing a good job”? There are a plethora of rules and regulations written in legal speak but it’s difficult to find really easy-to-follow guidelines… until now. The DMA just published its Code of Conduct which seeks to provide a framework for treating each customer with fairness and respect.
At the heart of the views from the DMA, the ICO and other experts is the request to be very explicit about how you are going to use someone’s data, and the good news is that a study by Telefónica showed that if you are upfront about how data will be used, people are actually more likely to share it.
The ICO wants to move away from an attitude of “grudging compliance” to “active engagement” and I loved it when he said that “companies who are the first movers in the engagement game will be the brands people most trust.”
Why did I love it?
Because that statement really supports the Inbound Marketing Methodology – attracting strangers and gaining their trust by putting out informative, valuable, relevant, “remarkable” content. The Inbound Methodology is as relevant for B2B as it is for B2C – if not more so – and it helps to keep us all on the straight and narrow when it comes to gaining consent. Of course, if you use HubSpot then you will forever hold easy-to-find proof of consent too.
In summary, we potentially have good news in terms of the plans/hopes for a pragmatic set of regulations around Data Protection in the future. But we aren’t there yet. The timescale for changes to the Data Protection Regulations is likely to be another year away and it may take a further two years to implement.
Having said that, it’s always good to be prepared… particularly as one of the changes is likely to involve having “explicit consent” to market to people, AND having proof of that consent. It’s wise to start now – do an audit and start proving that you have consent from everyone in your database… it could take some time!
Update: 10 Jan 2017 The DMA has released the latest news on this topic - things may be a little simpler for B2B marketers after all..... Read more