The General Data Protection Regulation (GDPR) is an EU data protection law, which came into force in 2018.
Cited as being the ‘toughest privacy and security law in the world’, the legislation struck fear into the marketing community, who, alongside legal teams, scrambled to ensure the data they held on their customers and prospects met the strict rules before the deadline, which, if not adhered to, could result in huge fines.
If you can’t remember the time the GDPR deadline was creeping up on businesses, you might recall receiving thousands of emails from companies you were a customer or prospect of, asking you if you’d like to continue to remain opted-in to marketing communications. It probably annoyed you. You probably didn’t respond, and as a result, never heard from that company again.
As a marketer, clients were concerned that they could land themselves in hot water by not following these procedures, and there were a lot of questions about how the data they held could be used for future marketing campaigns. Marketers also lost a lot of data if contacts didn’t implicitly express they wished to remain in their database. It was a bit of a mad time.
Businesses invested a great deal of time and effort into implementing policies and procedures to ensure they were compliant with GDPR. The rules cover not only businesses operating in the EU, but also any business that collects data on anyone based in the EU, regardless of the business location. After the UK departed from the EU, this meant that businesses in the UK still needed to adhere to this legislation.
Now, the UK government has decided that they want to come up with its own data privacy laws, replacing GDPR. But what could this change mean for businesses, and their marketing team?
What could replacing GDPR mean for UK businesses?
The secretary of state, Michelle Donelan, stated that the government is ‘taking aim at bureaucratic EU “red tape” that is responsible for current U.K. rules being a disproportionate burden for small businesses as a result of a “one-size-fits-all” approach in the GDPR’.
Furthermore, the government has touted the replacement of GDPR as an opportunity to ‘help unlock economic growth by boosting businesses’ profits’.
However, it’s not exactly clear how it would accomplish that.
The burden of Brexit has already increased red tape (and costs) for companies who want to continue to trade with their closest neighbours. There are fears that this new UK-only legislation will increase this burden further, for a number of reasons.
- Any business wanting to continue to provide its products and services to customers residing in the EU will still need to adhere to GDPR
- Businesses will need to invest time and resources in implementing the new UK data privacy legislation
- Deregulation is not a good thing for consumers – robust data and privacy rules exist for a reason, and those not willing to comply with GDPR may be seen as less trustworthy, or lose out on contracts with EU-based partners if the UK’s legislation is seen to be insufficient
- In addition to legal departments, marketing teams, in particular, will be impacted, as they need to effectively re-audit all of the data they hold, and what they can do with it (for example, email marketing databases and remarketing lists)
And it’s not just me that thinks this is an awful idea.
Marketing Week reported that several marketing trade organisations and experts are worried about the implications of introducing new, and entirely unjustifiable, data privacy legislation.
Gartner’s research vice president, Andrew Fran explained why new legislation could further increase barriers to trade:
“Despite the UK government’s emphasis on making things simpler for businesses, the more regulations diverge from the EU and other geographies, the more costly and difficult it becomes for global brands to rationalise their approach across borders.”
Director of legal and public affairs, Richard Lindsay from The Institute of Practitioners in Advertising (IPA) highlighted the resources businesses had already had to put into GDPR four years ago:
“Whether you like the GDPR or not, we have had several years to get to grips with it and businesses have spent considerable sums of money and invested a lot of time and effort in doing so.”
When it comes to the fact that the UK government has no real mandate for implementing a new data privacy policy that replaces GDPR, the Advertising Association (AA)’s director of policy research Konrad Shek said:
“The EU remains our largest market and to that end, maintaining data adequacy is paramount to the advertising and marketing industry. Hence, any improvements to the UK GDPR need to be evidence backed and not driven purely for the sake of seeking divergence.”
Ultimately, we will have to wait and see exactly what changes the UK government is proposing. But for now, many marketers will be anxious while we wait for further details to emerge.