In the post-pandemic era, direct marketing is playing a key role in helping businesses stay connected with their customers and maintain continuity. That said, failing to fully comply with the GDPR and the Data Protection Act can wreak havoc on a business if the Information Commissioner’s Office (ICO) chooses to impose penalties or heavy fines.
Even though, as a business owner, it’s easier than ever to use Data Protection Officer services in the UK, there’s always something your marketing team can do to avoid the legal hassles that come with GDPR non-compliance. To guide you in the right direction, this post contains some of the most important questions you need to ask your marketing team today to ensure your ongoing marketing campaigns are GDPR compliant. But first, let’s understand the role of marketing consent in GDPR compliance.
What’s the role of marketing consent in GDPR compliance?
Both the GDPR and Privacy and Electronic Communications Regulations (PECR) require businesses in the UK to request consent from their data subjects before sending them any marketing messages. For the consent to be considered valid, it needs to be:
- Recorded with affirmative action on the user’s part, without any influence or pre-defined inputs (like pre-ticked checkboxes) from the marketer’s end
- Specifically related to a single clause and not bundled with any other consent requests, terms and conditions, etc.
- Provided freely by the individual without any pressure or persuasion
- Clear, so that the data subject knows exactly what they are agreeing or consenting to
- Accompanied by an option to withdraw consent with ease whenever the individual wishes to do so
Any consent that doesn’t meet the criteria mentioned above will not be considered valid by the ICO if your business ever comes under its scrutiny.
6 Questions To Ask Your Marketing Team About GDPR Compliance
To be able to better assess your compliance with the UK GDPR, PECR and Data Protection Act, ask your marketing team the following six questions:
Question #1: How confident are you that all the recipients of our marketing messages find the messages fully relevant, and what would they do if given the chance to withdraw their consent?
Your marketing team needs to ensure your marketing messages are not getting flagged as irrelevant. Ideally, they should review the marketing databases regularly and eliminate the contacts that are not interacting with your marketing messages, in order to maintain a high level of relevance and avoid running into GDPR compliance issues later on.
Question #2: Is our marketing communication oriented towards B2C or B2B?
It’s important to note that different rules apply to B2C and B2B marketing. Unless you can distinguish whether your marketing communication is oriented towards B2B or B2C, it will be difficult to determine which data protection laws you need to consider and what the correct approach is for maintaining compliance in your case.
Question #3: Is the valid consent of the data subjects being recorded with the help of an opt-in form?
As shared previously in the section on what makes consent valid as per GDPR and PECR, it’s important to record the consent of your data subjects using an opt-in form. The form should allow them to share their consent explicitly. At the same time, you need to avoid persuading them or influencing their choice to sign up by making it a prerequisite for obtaining a product or service.
Question #4: Does the team maintain records of all the data subjects along with the consent provided by them?
If your team doesn’t maintain records of valid consent for all the data subjects, they simply don’t have consent in the eyes of the law. No matter how compliant your marketing campaign has been so far, without proof of consent you will be risking everything.
Question #5: For any B2B marketing communication, has legitimate interest been used as the lawful basis? If yes, has a Legitimate Interest Assessment (LIA) been conducted?
As a B2B marketer, you need to use legitimate interest as the lawful basis for running your B2B marketing campaign, just like you would use valid consent as the lawful basis in the case of a B2C marketing campaign. Also, it’s advisable to have a Legitimate Interest Assessment (LIA) carried out for it as soon as possible, which will help you justify your lawful marketing activity in case your business is scrutinised for non-compliance.
Question #6: How easy is it for the recipients to withdraw their consent and opt-out of the marketing list, whenever they please?
Needless to say, if the recipients are not finding the messages useful, your marketing campaign isn’t successful anyway. But regardless of how your campaign is doing, you need to provide the recipients with an option to unsubscribe or opt out of your mailing list at any time if you are serious about maintaining compliance with the GDPR.
By letting your marketing team answer these questions, you can discover where the gaps lie and then work with your legal and data privacy teams to figure out the right approach for fixing these gaps.