Now and Next

Data Protection Reform

and Digital Marketingin Charities

THINGSTO COVER

Data protection laws regulate the use of personal information and marketing.

These laws have changed and are continuing to change

What is the impact of these changes to email and direct marketing?

What early steps can be taken?

DATA PROTECTION ACTPersonal data must be used fairly and lawfully

Personal data must only be used for specified purposes

Stored personal data must be adequate, relevant and not excessive

Continued >

DATA PROTECTION ACTPersonal data must be kept accurate and up to date

Personal data must not be kept longer than necessary

Individuals must have the right to understand and change how their personal data is used

Data Protection

Act

CORE PRINCIPLES

CANADIAN CASL

US CAN-SPAM

UK DATA PROTECTION

ACT JAPAN ANTI SPAM

RUSSIAN LAW “ON

PERSONAL DATA”

OECD

CORE PRINCIPLES

• Collection Limitation

• Data Quality

• Purpose Specification

• Use Limitation

• OpennessRef:OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

1. Opt-in consent for all marketing, including for B2B marketing, post and telephone marketing

2. The end of unprovable/undocumented third-party marketing lists

3. The Right to be Forgotten

EU GDPR:DATA REFORM

4. Clear language

5. Individual right to claim compensation

6. Fines up to €100 million or 5% annual income (whichever is larger)

EU GDPR:DATA REFORM

7. Enforcement régime instead of self-regulation

8. International co-operation and enforcement

EU GDPR:DATA REFORM

1. Our guide to what’s coming

2. Data collection & consent

3. Processing & storing data

4. What campaigns can you send?

5. Translating the changes to your donors

6. The right to be forgotten

FULL DETAILS ONLINE

communicatorcorp.com/resources

Results in

• Increased risk of

legal/financial claim

• Higher costs of

legal/financial claim

Which means you need

to

• Be transparent

• Use simple language

• Data collection

methods which are

traceable

• Record and store proof

for quick response

WHAT THIS MEANS

Changes

• Fines by default

• Clear consumers rights

• Easier compensation

HIGHER FINES

WHAT THIS MEANSTHE RIGHT TO BE FORGOTTEN

Results in

Must be able to delete:

• Donor Names

• Address

• Purchase

• Browsing & Payment Details

From:

• Websites

• Accounts

• Stock Systems

• Analytics

• Marketing & Databases

Consider

• Guest donations and purchases

• 3rd Party payment services

• Profile creation should be based on value

Changes

• Donors have the right

to make anonymous

donations and

purchases

• Donors have the right to

have their information

deleted

Onus on decision makers• More responsibility and

accountability for managers and directors

• More powers for ICO

• Self-regulate or get more regulation + enforcement

Google v. Vidal-Hall

• No need for proof of financial harm

• IP and device are “personal information”

3rd party data focus• 6 month cap on 3rd

party data consent

• “Chain unsubscribe” process required (unsubscribe from all underlying source lists)

IoF and FRSB

• Following its rules will be compulsory

• Standardised opt-out statements

• “OUGHT” to be “MUST”

Court and ICO Powers

• Unlimited fines for firms and individuals

• More powers for ICO

• 45 Investigations, 7 firms being monitored and 20 third-party data notices

Exposé into Data Industry

• Not just fines, but criminal investigation

• ICO Investigation into websites and high street brands supplying data

UK DATA PROTECTION NEWS

TIMELINE

NEXT2014LATE

Investigation into nuisance calls and spam texts

More enforcement powers

Focus on marketing data industry

Where else collects, sells or uses consumer data?

High street brands and popular websites

Focus on Charity Industry

2015MAY

2015JUNE

• Reliance on volunteers: • High turnover• Understanding of Data

Protection issues

• Only about a third of charities provided data protection notices

• Over half didn’t have data retention/deletion processes

• A third of charities lacked processes to maintain accuracy and relevancy

Specific Challenges

• For any personal data you store and use, you must have a clear business need or explicit permission

• When relying on permission, make sure you can prove it

• The older the data, or the more removed it is from that original purpose, the more difficult it is to prove that consent is valid

GENERAL RULES

• Where do you collect your donor data?

• What personal, preference, behavioural or purchase data do you collect about, or from your donor?

• How much of that data is actually used?

• Do your donors know that you collect and use their data in that way?

• When do you delete that data?

THINGS TO CONSIDER NOW

• How do your donors subscribe or opt in?

• Specifically, for what does your consent cover?

• Is subscription or opt-in a genuine choice?

• Does consent cover how you actually use your donor data?

• Do you use 3rd party data, or supply data vendors?

• If you were asked today, what consent can you prove?

THINGS TO CONSIDER NOW

• Collect explicit consent for new donors

• Re-confirm consent and preferences for existing donors

THINGS TO CONSIDER NOW

• B2B Opt-in

• IP address and other identifiers as personal data

• Clear language

• Anonymous reporting data to allow data deletion

• The right to be forgotten

• Anonymous purchases

THINGS TO CONSIDER NOW

BIG HEADLINES

NOT BIG CHANGES

NEW FINES AND ENFORCEMENT MEAN YOU MUST BE ABLE TO JUSTIFY DATA USE AND PROVE CONSENT.

IOF CODE Reform

THANK YOUANY QUESTIONS?

Download our free guides at… www.communicatorcorp.com

Tweet us… @CommCorp@EasyInbox#EUDP