Everything you wanted to know about GDPR but were afraid to ask...

For many years, the use of customer data by businesses and creative agencies like SHARP has been the cornerstone of brand marketing, especially direct mail and email. However, in just a few weeks, the digital data landscape will change forever with the arrival of the GDPR.

There are many questions and confusions – hopefully this blog can answer many of them and get your business GDPR ready.


I’ve been living under a rock. What’s GDPR?

GDPR is the General Data Protection Regulation that is coming into force on 25th May 2018 for all EU countries. It’s replacing the 1995 Data Protection Directive.


So why the update?

The world looked very different back in 1995. The Spice Girls were in the charts, Hollyoaks had just started, and no one had heard of the harvesting of personal data.

And why would they? The greatest difference between 1995 and 2018 is that today we are pretty much connected 24/7 – smart phones, smart watches, smart TVs, smart homes, smart cars, smart everything. This means we generate huge amounts of digital data that can be collected and used to identify us.

With the seemingly endless data leaks and breaches, and recently the Facebook Cambridge Analytica scandal, there is clearly a need for a more robust system in place to protect our personal data.

It’s smart regulation for the smart era.


Is there much difference between the new and old regulation? 

Key changes can be found here, but in summary, GDPR gives:

  • Greater protection, more rights and easier access for individuals to obtain the data held about them.
  • Businesses who hold personal data have more significant obligations and responsibilities.
  • Failure to comply with the regulations will incur hefty fines.


What are the greater protections and rights for individuals?

One word – consent.

Consent will change everything. Pre-GDPR, businesses could collect, store and use your personal information or sensitive personal data how they saw fit. With GDPR, everything regarding your information and data will need your permission.

Key bits to know:

  • Personal information includes your name, date of birth, and postal or even IP addresses. Basically anything that can be used to identify you.
  • Sensitive personal data includes things like religious beliefs, political opinions, sexual orientation – yes, it really is this vast and in-depth.
  • Businesses can only collect your information and data with your consent.
  • You can withdraw your consent at any time and it must be easy to do so.
  • You can easily access the information and data held about you.
  • Your consent can never be assumed – silent consent, pre-ticked boxes or failure to object will no longer be considered as you giving permission.


Sounds good for me. But for my business marketing… I’m freaking out!

Don’t panic. Keep calm and carry on – not blindly collecting data that is, but wisely, efficiently, and legally.

GDPR isn’t as scary from a marketing point of view as it sounds. Yes, direct marketers need data – they use it all the time to get the right brand messaging to the right audience. Some of this data will no longer be useable. But what remains will be better. 

In fact, GDPR may very well be a blessing – businesses will now use the data they have to market smarter, target with greater accuracy, and waste less money on dead leads increasing ROI. Think of it as separating the wheat from the chaff.

Take the following stats as an example: 42% of B2B marketers believe that a lack of quality contact data is the single biggest barrier to lead generation, as do 51% of email marketers. If GDPR forces businesses to improve the quality of their contact data, then acquisition ratios are likely improve. That’s a good thing, no?


OK, I’m seeing the positives. But what are these new obligations for businesses?

In a nutshell, it’s a lot more bookkeeping and transparency.

  • Businesses must be able to prove the data they hold on an individual was given with their consent. This means marketing must keep a record.
  • You must make it easy for individuals to a) get access to their information and b) withdraw their consent at any time.
  • Consent should only cover the purpose the consent is given for – for example, a Facebook competition.
  • If you want to use the data for something else, like another campaign, then you need to get further consent.
  • You can no longer use pre-ticked boxes to get consent.
  • You can’t assume consent is given – you must actively obtain it.


You mentioned hefty fines?

Yes – if you don’t comply with the principles of GDPR then you better be ready to cough-up. Here are the figures:

  • The fines are tiered.
  • For serious breaches, you can be fined up to 4% of your annual global turnover or €20 million (whichever is the greater number).
  • ‘Serious breaches’ include not getting consent or by violating Privacy by Design (failing to approach projects with privacy at the forefront of compliance).
  • For lesser offences, a business may be fined 2% of their turnover.
  • These ‘lesser offences’ include failure to keep your records in order, or failing to tell an individual about a breach of their privacy.


GDPR is an EU regulation. Will Brexit change this law in the UK?

Short answer – no.

In the event of Brexit, the UK’s own new Data Protection Bill will come into force. This includes all the provisions of the GDPR, with a few small changes.

You should consider GDPR as the new norm for all UK marketers, whether we are in Europe or out of it.


Crikey. Should I get moving on this whole GDPR thing then?

Did you not read any of the above? Yes, get on it! You have until 25th May.

Hopefully, this has helped you understand GDPR and its significant impact on marketing. But it’s not all doom and gloom. It’s a change for the better.

It’s a chance to make stronger connections with your customers through interaction that’s consented, with a relationship through choice, one that is welcomed and (with the right planning and execution) could transform your marketing ROI.

TL;DR? Simply watch the below vid to get a brief summary of what the GDPR means... 


Picture of Alex Allston, Senior Copywriter at The Sharp Agency

Alex Allston

Senior Copywriter