Angela Kunawicz 15th November 2022

Five Common GDPR Myths Rebuffed

REALITY TV star Ferne McCann has called on the police to investigate shocking leaked voice recordings of her allegedly belittling a former TOWIE co-star. While it’s not been confirmed who is speaking in audio notes, which were exposed by an anonymous Instagram account, it got me thinking about data profiling, processing, and enhancement.

Have you ever wondered how your business obtains, stores, and uses customers’ personal information? When the General Data Protection Regulation – also known as GDPR – came into play, many marketing firms feared it would create barriers to information sharing.

Rumours about huge fines for any non-compliance and misconceptions about the amount of time staff would have to commit to data protection were rife. Not to mention the anxiety it caused marketers over the future of telemarketing processes and campaigns.

Here at Blueberry, we are fully committed to data security and data quality, which is why we provide companies with free data audits on their current customer or prospect data. This includes identifying any data quality problems and assessing your data integrity.

Want to find out more about the benefits of a GDPR-compliant workplace? Distinguish between fact and fiction by reading our article refuting the top five myths surrounding GDPR.

MYTH 1: “THE BIGGEST THREAT TO FIRMS FROM GDPR IS HUGE FINES.”

While it’s true that your firm could face fines for not taking sufficient security measures to prevent or contain a serious personal data breach, each fine is determined on a case-by-case basis. Any penalty issued by the ICO (Information Commissioner’s Office) is intended to be effective, dissuasive, and proportionate to the offence. Ultimately, fines depend on the level of infraction. On the high end, companies could face fines of up to 4 per cent of their global turnover or €20 million, whichever is higher.

A data breach describes any circumstance where an outside body gains access to user data without an individual’s permission. In many breaches the data is used maliciously against users. According to the GDPR, businesses must provide adequate notice should any data breach occur. Firms have 72 hours to notify the appropriate data protection agency and must inform affected individuals without delay.

MYTH 2: “GDPR MEANS WE MUST HAVE CONSENT TO PROCESS ALL DATA.”

The GDPR is creating higher standards when it comes to consent. A pre-ticked opt-in box does not constitute valid consent, and companies must make it easy for individuals to withdraw their consent. Nonetheless, consent is just one way to comply with GDPR; it is not the only way. The GDPR provides several legal bases for processing data: consent, performance of a contract, a legitimate interest, a vital interest, a public interest, and a legal requirement. Direct marketing is recognised as a legitimate interest. And while this is not an all-access pass to contact whoever you want, there may be legitimate grounds to process data in marketing operations.

MYTH 3: “GDPR IS A SERIOUS BURDEN & HAMPERS MARKETING PROCESSES.”

This may well be the case if your marketing strategy involves bombarding people with unsolicited, untargeted, mass marketing messages. But if this is true, you really should be rethinking your marketing methods anyway. By managing contact preferences and keeping your marketing lists focussed on those that are genuinely interested to hear from you, your firm can boost marketing conversions and ensure GDPR compliance.

The GDPR also sets out several key principles that should lie at the heart of your approach to processing data: lawfulness, fairness, accuracy, and transparency are central factors. Others include purpose limitation, data minimisation, storage limitation, integrity, confidentiality, and accountability.

MYTH 4: “GDPR HAS DRASTICALLY ALTERED THE LANDSCAPE FOR B2B EMAIL MARKETING & TELEMARKETING.”

Telemarketing and email marketing are already governed by the Privacy & Electronic Communications Regulation (PECR)*. This lays out more specific rules about direct marketing. For instance, under the PECR you must check all your telemarketing data against the Telephone Preference Service (TPS). This is the UK’s only official ‘Do Not Call’ register for landlines and mobile phone numbers. By signing up for the free service, people and businesses can opt out of unsolicited live sales and marketing calls. There’s also a similar register for businesses, the Corporate Telephone Preference Service (CTPS). If a number is registered with either service, organisations are legally required under the PECR to refrain from calling. Moreover, they must screen against the TPS or CTPS at least once every 28 days. The ICO enforces the law and has the power to fine firms that break it.

The PECR also lays out rules for email marketing. On a very basic level, B2C email marketing operates on a solely opt-in basis, while B2B email marketing operates on an opt-out basis. It’s a little more complicated, particularly with sole traders!

MYTH 5: “GDPR IS A WASTE OF TIME & IS IMPOSSIBLE TO ADHERE TO.”

GDPR is a sensible evolution of data protection law in response to our ever-increasing data-driven world. Companies can avoid fines and keep on track by taking the necessary measures to meet the GDPR’s rules. If you process data based on consent, the rules for what counts as valid are tighter than ever before. And if you process data on the basis of legitimate interest you need to ensure that you are conducting a Legitimate Interest Assessment too.

Audit how GDPR compliant your business is and tighten up your practices by taking some of the practical steps set out in this article. Have you considered employing a GDPR expert or Data Protection Officer to steer your firm and ensure you stay compliant? Determine what kind of data your firm holds on individuals and provide people with an easy way to opt out of having their data collected. Make certain you have an up-to-date GDPR-compliant cookie policy and privacy policy in place. Use GDPR to your advantage by re-engaging your database and streamlining your contact lists.

Contact the Blueberry team on (0113) 4877013 to arrange for a free data audit.

WHAT IS PECR?*

The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act and the UK’s GDPR. The regulations set out specific privacy rules on electronic communications including:

  • Marketing calls, emails, texts & faxes.

  • Cookies (and similar technologies) that track information about people accessing a website / other electronic service.

  • Keeping electronic communication services secure.

  • Customer privacy when using communications networks regarding traffic & location data, itemised billing, directory listings & line identification, such as caller ID & call return.

[Copyright © 2022 Angela Kunawicz & Blueberry Marketing Solutions. All rights reserved.]

Written By Angela Kunawicz
Angela is an award-winning journalist, videographer and marketeer who has worked in regional and international media outlets across the UK and Middle East, including the BBC and Abu Dhabi Media Company. With a flair for human interest stories, hard news and campaigns, she has also been commended for her outstanding photography and video productions.
