SMARTER SELLING
REGULATION
NEW AGE OF CONSENT Andy and David Smith offer practical advice on compliance with the new data protection regime As a result, you need to understand the impact of GDPR on how you source your customer and your prospect data, how you process it, and how you store it and pass it to third parties. While GDPR will have organisation-wide impact, the challenge it poses to direct sales and marketing is particularly significant. If a business fails to prepare for it, the repercussions will be felt beyond the use of personal data within sales activity. The firm will be hit by eye-watering penalties – do you really want to write a cheque for 4% of turnover? And it may become so averse to the risk of direct sales and marketing that it stops conducting any. If your company stopped selling, how would you pay your bills? If everyone moved budgets to “search” and social media, only the cash-rich companies could afford that game. WHAT IS PERSONAL DATA?
GDPR only applies to personal data. This can be a name, email, phone number, address, but also social media labels, photographs, IP addresses and, for instance, information gathered using cookies and tracking codes. The test is quite simple: if data identifies an individual then it is personal data.
Y
ou have probably heard of GDPR. If you haven’t, it’s the General Data Protection Regulation, and it’s coming to you soon. You currently hold lists of customers, lists of prospects – in fact, all sorts of lists that identify all sorts of individuals. GDPR impacts on direct sales and marketing because of the reliance on the use of names, job responsibilities and contact details. And this will now apply as much to the B2B world as B2C – in future there will be no distinction. GDPR replaces the UK Data Protection Act (DPA) on 25 May 2018. From that date it demands that you protect any data you hold on people (data subjects), and ensure it has been legally obtained. It also places a duty on someone in your organisation to take some serious steps if something goes wrong and a data breach occurs. Your organisation will rely, to a greater or lesser degree, on data that is deemed to be personal information. GDPR demands that personal data you hold on staff, suppliers and customers is: l Secure l Fairly sourced l Accurate l Kept for no longer than is necessary l Not transferred abroad (with some exceptions) l Processed lawfully.
6 WINNING EDGE
6-9 Smarter Selling V3.indd 14
HANDLE DATA PROPERLY
ANDY SMITH (right) is managing director, and DAVID SMITH is technical director, of Corpdata, supplying legally compliant business lists and offering advice on GDPR. Visit www.corpdata.co.uk or call 01626 777400.
GDPR affects how your sales and marketing function handles personal data, and how it collects it. GDPR brings with it greater emphasis on the prevention of data breaches, so you will actively need to protect the data you hold, and be able to prove that you are doing so. Should a breach occur, you must identify it and handle it appropriately. Given our definition of personal data, how much do you hold? Where is it held? Who has access to it? If you send it out from your organisation, how? Is it adequately protected? If you can’t answer these questions, you need to audit the personal data you hold, and define sensible measures to ensure it is securely stored. You need a clear policy that informs and leads your organisation. COLLECT DATA CAREFULLY
To comply with the new law, you must demonstrate some legal basis for holding an individual’s personal information. You must explain to the individual why you are collecting data and how you are going to use it. GDPR means that their consent for you to use their data can no longer be assumed. The requirements for consent to be lawful are more rigid and specific. You will no longer be able ISMPROFESSIONAL.COM
26/10/2017 08:43
