Presentation is loading. Please wait.

Presentation is loading. Please wait.

Conducting Compliant Marketing & SARs Workshop - CMG Events

Published byBarrie Rose Modified over 5 years ago

Similar presentations

Presentation on theme: "Conducting Compliant Marketing & SARs Workshop - CMG Events"— Presentation transcript:

1 Conducting Compliant Marketing & SARs Workshop - CMG Events
Data Privacy Information Governance Information Quality (c) Castlebridge - distributed with permission

2 Direct Marketing & GDPR
Understanding the Link between Marketing activity, Subject Access Request, and GDPR Hosted by

3 G GDPR overview

4 Gdpr Enhanced rights for data subjects
Accountability, Transparency, Security Fines and enforcement by Regulator

5 rights for data subjects
Right to object to processing Right to withdraw consent to processing Right to Subject Access Request

6 Responsibilities for companies
Fair and lawful obtaining of data Adherence to standards of GDPR Document processes to demonstrate compliance

7 gdpr – A risk based approach
Identify risks Assess level of risk aversion Minimise exposure and implement best practice

8 RISKS AND IMPLICATIONS OF direct marketing

9 Direct marketing Information about products, services, events
Linked by a call to action Asking subject to exchange money, data, or time

10 direct marketing risks
Bad/unlawful marketing annoys customers Customers are more aware of their rights Angry customers more likely to complain

11 Risks to business Reputational damage/loss of customer faith
Subject Access Request or prosecution by DPC Operational risks: fines or cease processing of data

12 Dpc and complaints 58% increase in complaints to DPC in 2016
Data subjects increasingly exercising SAR rights Bad marketing is a driver of Subject Access Requests

13 Subject access requests
Data subject has right to request copy of all data held  Estimated cost in resourcing and outsourcing single SAR:  Minimum: €700                Maximum: over €100k

14 Other sanctions Fines of 2% / 4% of turnover, or €10m / €20m
Notice to stop processing could be more damaging Potential to massively disrupt business 

15 GDPR and Direct marketing

16 direct marketing methods
Electronic mail Calls and texts Landline / Postal

17 Obtaining data Processes for obtaining data must comply with GDPR
Must be able to explain where data came from Must be able to explain nature of processing 

18 Consent and electronic mail
Opt-in required Inform at time of data capture of DM purpose Must tell customer who is sending /sms Simple and free mechanism for contact/opt-out  

19 Consent and calling Landlines
Opt-out Inform at time of data capture of DM purpose Check on NDD for “Do-Not-Call” notice Simple and free mechanism for opt-out  

20 Consent and calling mobiles
Opt-in required Inform at time of data capture of DM purpose Simple and free mechanism for opt-out  

21 Marketing to existing customers
Needs to be for similar product as originally bought New consent required if done on behalf of third-party Best practice requires Opt-in at point of sale Simple and free mechanism for opt-out on every message  

22 Marketing and OTT services
OTT = Twitter, Facebook, WhatsApp, Skype etc. Best practice = do not use these channels Loss of control over data through use of OTT services

23 Marketing essentials Rules apply to both B2C and B2B
Simple and free opt-outs must be provided Do not use pre-ticked boxes Do not use OTT services 

24 RISK mitigation strategies

25 First steps Review how you engage in direct marketing
Review consent, and ensure adherence to GDPR  Document processes to demonstrate compliance

26 Assess direct marketing methods
How do you market? Document these processes  Ensure data has been lawfully obtained Ensure highest standards of consent 

27 Minimising exposure Principle of Data Minimisation
Ethical approach to data processing Application of best practice checks and balances

28 Ethical data handling Care for your customer or client
Respect data and privacy rights of individual Acquire data in a lawful manner

29 Demonstrate compliance
Document all processes around data processing Ensure transparency and clarity in policies, T&Cs, etc. Ensure highest standards of security 

30 To conduct marketing in a compliant manner under GDPR, you will need to document processes and information flows relating to marketing activities.

31 Benefits of compliance
G Benefits of compliance

32 Customer care Greater customer trust
Greater customer engagement through transparency Enhanced reputation for your company  

33 Risk minimisation Lower chance of complaints re: direct marketing
Lower chance of receiving Subject Access Request Lower exposure to fines from regulator (DPC) 

34 Streamlined business Data Minimisation good for any organisation
Process documentation = good information governance Documentation allows for better marketing  

35 G Key takeaways

36 Direct marketing & gdpr
DM is a legitimate business interest under GDPR Responsibilities towards customers and their data Risk of fines/Subject Access Requests for non-compliance

37 Better direct marketing
Risk mitigation through data minimisation Lawful obtaining of data and GDPR compliance Better customer engagement through transparency

38 Conducting Compliant Marketing & SARs Workshop - CMG Events
Data Privacy Information Governance Information Quality (c) Castlebridge - distributed with permission

Download ppt "Conducting Compliant Marketing & SARs Workshop - CMG Events"

Similar presentations

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Email Marketing - Best Practice from a Legal Point of View Yvonne Cunnane - Information Technology Law Group 30 November 2006.

Marketing - Best Practice from a Legal Point of View Yvonne Cunnane - Information Technology Law Group 30 November 2006.
Finance and Governance Workshop Data Protection and Information Management 10 June 2014.

Finance and Governance Workshop Data Protection and Information Management 10 June 2014.
Topic 4 How organisations promote quality care Codes of Practice

Topic 4 How organisations promote quality care Codes of Practice
EU Data Protection IT Governance view Ger O’Mahony 12 th October 2011.

EU Data Protection IT Governance view Ger O’Mahony 12 th October 2011.
Data Protection Act AS Module 1 10.8 Heathcote Ch. 12.

Data Protection Act AS Module Heathcote Ch. 12.
Digital Banking and Data Protection Achieving balance of compliance with customer experience and opportunity 30 September 2015 Paula Barrett Partner.

Digital Banking and Data Protection Achieving balance of compliance with customer experience and opportunity 30 September 2015 Paula Barrett Partner.
INTRODUCTION TO DATA PROTECTION An overview of the Irish Data Protection legislation.

INTRODUCTION TO DATA PROTECTION An overview of the Irish Data Protection legislation.
Serving the Public. Regulating the Profession. CANADA’S ANTI-SPAM LEGISLATION (CASL) Training for Chapters Based on Guidelines for Chapters First published.

Serving the Public. Regulating the Profession. CANADA’S ANTI-SPAM LEGISLATION (CASL) Training for Chapters Based on Guidelines for Chapters First published.
Castlebridge associates |www.castlebridge.ie | www.dataprotectionofficer.ie Castlebridge changing how people think about information How to Implement the.

Castlebridge associates | | Castlebridge changing how people think about information How to Implement the.
The Data Protection Audit How to prepare What to expect The end results Dublin Chamber of Commerce, March 24 th.

The Data Protection Audit How to prepare What to expect The end results Dublin Chamber of Commerce, March 24 th.
Commissioning Services: with the DPA in mind South Yorkshire Information and Data Sharing Group Sheffield 14 th August 2014 Lynne Shackley Lead Policy.

Commissioning Services: with the DPA in mind South Yorkshire Information and Data Sharing Group Sheffield 14 th August 2014 Lynne Shackley Lead Policy.
Students’ Unions 2011 Data Protection and Students’ Unions Mairead O’Reilly 19 July 2011.

Students’ Unions 2011 Data Protection and Students’ Unions Mairead O’Reilly 19 July 2011.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
Political campaigning: data protection & electronic marketing

Political campaigning: data protection & electronic marketing
GDPR 12 POINTS 679/2016 DATA LEX 2016.

GDPR 12 POINTS 679/2016 DATA LEX 2016.
Data Protection Officer’s Overview of the GDPR

Data Protection Officer’s Overview of the GDPR
Fundraising Regulation: What does it mean for charities?

Fundraising Regulation: What does it mean for charities?
Running Compliant Direct Marketing

Running Compliant Direct Marketing
Ian De Freitas, Partner, Farrer & Co 6 September 2017

Ian De Freitas, Partner, Farrer & Co 6 September 2017

Similar presentations

Ads by Google