B2B telemarketing in a GDPR world

Transcription

1 B2B telemarketing in a GDPR world Written by: Jason Waldock & Anita Turner OUR BUSINESS IS NEW BUSINESS 1

2 Foreword Given the right advice and expertise, telemarketing in the GDPR world should be more effective. With a strategic and targeted approach telemarketing will not only survive, but thrive in the world of the GDPR. Now is the time to update and refresh your databases and to ensure that the information you are using for your campaigns will be compliant. The current Data Protection Act 1998 (DPA) was written for a time when we had not anticipated such a data rich world. Google was just born, Amazon had its first crazy Christmas, Facebook did not exist and our phones were not so smart. The GDPR will bring data protection legislation into line with the ways that data is used today. The new regulations will give people more control over how their personal data is used, and businesses a clearer legal environment in which to operate. Jason Waldock Head of Information Technology jason@chartdev.co.uk In this guide we will outline a number of steps you can take to ensure that your company is prepared for the incoming regulations. JasonWaldock 2 2

3 The bottom line If you are compliant with the current legislation then the transition should not be too demanding, but you could well use this opportunity to review your data processes, from online data capture forms to marketing practices. The bottom line is that you should make sure the data you hold is secure; be aware of what data you hold and where it is, ensure you are open about why you are holding the data and are clear about which of the six available lawful bases you are using for processing data. In B2B marketing we rely on consent or legitimate interest 1. Consent, as defined by the GDPR, is unambiguous and involve a clear affirmative action to opt-in. It specifically bans pre-ticked opt-in boxes. It also requires individual ( granular ) consent options for distinct processing operations. Consent should be separate from other terms and conditions and should not generally be a precondition of signing up to a service. Consent Secure Storage Consent, as defined by the GDPR, is unambiguous and involve a clear affirmative action to opt-in

4 It is important that companies either: 1. Gain unambiguous consent from their most valued leads and customers before marketing to them, or: In the context of telemarketing, the Privacy and Electronic Communications Regulations 2003 (PECR) state you must use an opt-out consent regime for the UK. This should be taken care of by the Corporate Telephone Preference Service and the Telephone Preference Service (TPS/CTPS - the opt-out register for cold calls). With the right expertise on hand, finding the balance between your marketing needs as a company, and your customers rights, should be possible. We should mention that PECR will be replaced by eprivacy regulation but this has not yet been finalised. 2. Have a valid and legitimate interest for contacting them. Whilst inbound marketing strategies such as blogs, social media and search-engine-optimised websites are likely to be key to converting prospects into customers in a GDPR world, the incoming regulations do not necessarily mean an end to outbound marketing campaigns. Outsourcing to specialists who have both experience in the art of telemarketing and expertise in data protection regulations will mean that you will be both compliant with the GDPR and have the advantage of a dedicated telemarketing and lead generation service. In the context of telemarketing, t h e P r i v a c y a n d E l e c t r o n i c Communications Regulations 2003 (PECR) state you must use an opt-out consent regime for the UK. 4

5 Why complying is important An important distinction to make when considering preparation for GDPR is that between the controller and the processor of the data. A controller is the entity who determines the purpose, conditions and means of the processing of personal data, while the processor is the entity responsible for processing personal data on behalf of the controller. Data controller refers to a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is, or is to be, processed. Data processor, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller. In the current (1998) Data Protection Action (DPA) it is the controller, rather than the processor, who is liable for data protection compliance. The GDPR will shift this responsibility, placing direct statutory obligations on data processors (e.g. an external outsourced telemarketing company) and possibly making them liable or jointly liable to prosecution. Under the 1998 DPA, the maximum fine that the Information Commissioner s Office (ICO) could impose is 500,000. However, we have already seen an increase in smaller fines from ICO over the past 12 months including government bodies, large corporates, Small and medium-sized enterprises (SMEs) and even individuals. Under the GDPR, this maximum fine rises to up to 20 million Euros or 4% of a company s worldwide turnover (whichever is the greater) and the ICO now publishes any enforcements actions. The impact of this would be significant. A failure to comply could have a dramatic effect on a company s ongoing success, risking damage to both its finances and its reputation. Anita Turner Managing Director anita@chartdev.co.uk The introduction of the GDPR could actually result in your company marketing in a more targeted and, therefore, a more successful manner The consequences of failing to comply will be serious for both the controller and processor of the data, but this does not mean that marketing activity will suddenly cease in a post GDPR world. Indeed, with an informed strategy in place, shaped by consultation with experts in the field, the introduction of the GDPR could actually result in your company marketing in a more targeted and, therefore, a more successful manner. After all, the GDPR is just driving best practice. 5

6 Data management strategy Data is the bedrock of any telemarketing campaign, and in a GDPR world compliant data management is vital. There are three main areas of data management that need to be considered in the context of lead generation: data sourcing, data cleansing and data retention. Lead generation You should work in liaison with data protection experts to prepare your data collection strategy for the GDPR. Start by auditing your existing marketing data and assessing the personal data you hold, where it is held and what you need it for. Decide how you wish to use the data and ensure that it falls under legitimate use. Look carefully at your privacy notice (privacy policy) to ensure it is in line with the ICO s recommendations, and make sure the data subjects on your database are kept informed of how you are processing their data. This will need to be done as soon as possible using any consensual method of communicating with your clients you have. Contact them, outline the reasons for contacting them, summarise the advantages they will gain from continuing to be in your database and ask them if they consent to be contacted in future. Transparency and honesty are the keywords in this approach. This makes it essential that the data processor has an expertise in data protection. Data sourcing Data cleansing Data retention Data sourcing Before you even consider data sourcing, you will need to make sure you have a valid lawful basis to process personal data. This will come through your conversations with your data protection officer, who should have the knowledge to guide you or seek advice from a data specialist. Remember that you will need to make a case for the data you wish to collect and define the scope of the collection. A good data processor will already have robust and compliant data protection procedures in place. 6

7 Data cleansing Although it is not always necessary, data cleaning ensures that the data that has been sourced is correct and up-to-date. Under the GDPR, personal data should only be retained for as long as necessary, so it is important to regularly keep your data up to date to ensure the information held is accurate. One aspect of the GDPR that impacts on data retention is the requirement that data can only be held for as long as it is needed or agreed for the purposes of the campaign. As well as this, it is important to develop a strategy for ongoing database management that not only encompasses regular data cleansing, but also ensures that data is removed when not needed, or that if it is retained, you have the correct justifications in place. The key to this process is remembering that it is about quality and not quantity. Data retention The days of holding a massive amount of data just in case it might become useful are past. Personal data should not be kept for any longer than is strictly necessary for the purpose for which it is processed, so all personal data should be regarded as having an end date after which it should be deleted or destroyed securely. Preparation for the GDPR world requires a change of focus towards building strong relationships with customers on an individual and tailored basis, thus emphasising the importance of high-value leads. A good lead generation company can work with you to determine what data you need for particular campaigns and ensure that the subsequent retention of your data is undertaken in full compliance of the GDPR. 7

8 Need help? Our data protection expertise is available to our clients. We have the experience in data management to help you source, maintain and use your data in full compliance of the GDPR and in a way that allows you to meet and exceed your marketing requirements. We offer support with a tailored telemarketing strategy that is holistic, from sourcing the information you need, to contacting your potential customers, all whilst satisfying the requirements of current data legislation. To learn more about how we can help you comply with the GDPR Call today In conjunction with renowned data protection lawyer Mandy Webster, we have launched a suite of tools called Data Protection Byte-Sized to help SMEs move towards GDPR compliance. With our help you will find that regardless of the GDPR, you can still accelerate your business growth. About us For over 20 years Chartered Developments have been the driving force behind the lead generation campaigns of some of the UK s most successful companies, including members of the top 100 law firms, accountancy practices and FTSE companies. Today, we are a trusted name in the fields of data sourcing and optimisation, telemarketing, digital marketing and business development training. INTERESTED IN LEARNING MORE? Call us on for a fee initial consultation info@chartdev.co.uk 8