Recently, the UK’s Information Commissioner’s Office signaled changes that marketers must implement NOW within business to consumer (B2C) marketing in order to stay within the law and these include:
- where consent is obtained from the customer to receive DM, separate opt-in consent must also be gathered in order to send DM messages on each and every other marketing channel;
- a higher burden of proof of customer consent is now required to be shown by marketers, irrespective of whether the marketing channel is telephone, mobile, email or automated calls;
- marketers will now need to keep a detailed record of how and when customer consent was obtained; what was actually said at the time of data collection and these records must now be available for inspection by the authorities on an ‘on demand’ basis, irrespective of the retrieval costs to business;
- marketers won’t be able to use any form of incentive as a condition to encourage customers to sign-up to receive information about products and services;
- statements currently used by marketers such as “by signing up you agree to…” will now need to be accompanied by a prominent opt-out box;
- opt-in permission collected from customers to disclose their details to third parties (for example, for list rental purposes) will only be reliable for a maximum six-month period and as a result will make investment in compiling commercial data assets uneconomic;
- where the brand owner is a group of companies, and appropriate customer consent has been obtained to receive DM from one of those companies, the brand owner will now need to spell out in detail the various other entities that are part of the group and separate consent must now be obtained to receive DM from each of those separate companies; and
- list brokers and list owners must now comply with a higher burden of proof that consent was obtained from every person on that list and the form of that consent will now need to be made known to third parties that rent such opt-in lists for sales and marketing purposes.
If this wasn’t bad enough, marketers face a ‘double legal whammy’ as on the horizon is another set of restrictive rules and regulations that look like becoming law across all 28 Member States of the European Union.
With the politicisation of business taking grip of MEPs ahead of the European Elections in May 2014, the result looks likely to be even more red tape with potentially damaging consequences for millions of businesses and organisations that depend on DM.
The concern for marketers is that changes to procedures and the cost of compliance may well be prohibitively expensive and tip companies over the edge.
More worryingly, these Regulations will have to implemented by all EU Member States that will be mandatory and without taking account of sales and marketing conduct currently within that territory.
Looking just beyond May 2014, it’s likely UK marketers will need to change their DM activities to ensure:
- where more than 5,000 records a year are processed or where those records are of a ‘sensitive’ nature, it’s likely to become compulsory for companies to appoint a Data Protection Officer;
- mandatory risk analysis and compulsory Privacy Impact Assessments are likely to be required as part of a company’s data protection procedures;
- companies will have to publish in greater detail what security measures are being deployed to protect customer data;
- adequate insurance will need to be in place in order to protect Data Processors as they look like becoming jointly liable in situations where there’s a breach in data protection;
- individuals are likely to have the ‘right of erasure’ of personal data and this is likely to make de-duping of lists much more problematic for marketers in the future; and
- the ‘right of erasure’ is also likely to extend to third parties with whom that customer data has also been shared.
In the UK, the Direct Marketing Association (DMA) has been lobbying hard to ensure that EU legislators as well as the Information Commissioner’s Office are aware of the enormous costs that compliance with these and other measures will entail as well as the risk to jobs should companies cease to be able to trade as a result of these Regulations.
“Renewals and win-back strategies where a customer has cancelled a subscription to a service, for example, are likely to be almost impossible to conduct in their current form, causing many businesses to lose vital incremental sales as a result,” observes Jenny Moseley, one of the leading direct marketing practitioners in the UK and an advisor to many companies that are fearful that the proposed Regulations could effectively put them out of business.
The assumption that the customer has absolutely no interest in sharing personal information with any legitimate business that wants to sell relevant goods and services will become the ‘new norm’.
What concerns many marketers is that these wide-scale changes are politically motivated within Europe and clearly don’t take account of the practical consequences on businesses and jobs that will be affected should these measures become law.
Nor do these proposed measures add very much extra protection to consumers that’s already been introduced here in the UK.
Cowboys will still be cowboys and legitimate businesses will suffer as European legislators are set to pass laws that fail to take account of local market conditions or are less onerous for legitimate business interests.
DM practice across Europe is already subject to some of the toughest data protection and privacy laws in the world. But new laws being proposed within the EU will create an imbalance in the way the law currently operates, making DM almost impossible without the provision of information and proof of consent irrespective that many in the industry regard as impractical and unworkable.