The GDPR changes are fast approaching and time is running out to prepare yourself and your data. GDPR is an important topic that you will need to know inside out for your business and marketing to succeed. CommuniGator can help you get fully prepared for its arrival. We are here to answer YOUR GDPR questions to arm you with everything you need to ensure you are compliant come May 2018. Find out how the new data law will affect your B2B marketing abilities. We answer all your questions with a Q&A section from our experts in the field – so you can really get to grips with the changes. We cover: - The good the bad and the ugly of GDPR - Your own checklist to becoming compliant - How to get your existing data ‘double opted-in’ - Answers to your burning questions!

1. John Mitchison
Head of Preference Services, Compliance and Legal
john.mitchison@dma.org.uk

2. John Mitchison
GDPR Changes Affecting Direct Marketing

3. v Talking points
• GDPR
• Brexit
• Questions

4. v
General Data Protection Regulation (GDPR)
• Existing DPA overdue for update
• 7 years in the making
• Becomes law in May 2018

5. v Highlights
• Expanded definition of Personal Data
• New Principles (6 not 8) Transparency, accountability
• Consent
• Privacy notices
• Legitimate Interest
• Recording consent and preferences
• Processors responsibilities
• Profiling (Tele-matching, Wealth Screening)
• Data Subject Rights
• Fines!

6. v Consent
Consent: Previous Position Consent: New Position
- Freely given, specific,
informed indication of the data
subject’s wishes
- Explicit consent required for
sensitive personal data only
-Freely given, specific, informed and
unambiguous indication of data
subject’s wishes
-Given either by a statement or a
clear affirmative action
- Burden of proof on controller to
demonstrate consent

7. v Consent
Written, including electronic or oral statement
• Includes
– Ticking a box when visiting an internet website
– Choosing technical settings
– By any other statement or conduct which clearly indicates acceptance
• Does Not include
– Silence
– Pre- ticked boxes
– Inactivity

8. v Information requirements in privacy policies
• Name and contact details of data controller
• Used for direct marketing purposes
• Third parties to which information passed on
– General third party no specific
• Transfers to countries outside Europe
• Length of time for which information kept for
• Data subject’s rights
– Subject Access, Opt Out, Portability,
• Information about profiling

9. v Privacy notices, transparency and control

10. v Private Eye and The Guardian

11. v Legitimate interests of data Controller
Alternative legal basis for processing personal data
• Do you have a relationship
• Weigh up the legitimate interest of the organisation with the
rights of the consumer
• Reasonable
• Provision of unsubscribe or opt-out normally satisfies test
• Must balance interest of company with that of consumer

12. v Processor’s liability and other obligations
• Data protection obligations now shared between controllers
and processors
• Processors subject to fines where they have not complied with
obligations under Regulation or acted outside instructions of
controller
• Appointment of DP officer if processing activities require
regular or large scale processing of sensitive personal data
– Training, skills
– Report to the board

13. v Profiling
• Right to unsubscribe/opt-out from decision based on
profiling, which produces legal effects concerning
the individual.
• A person can object to profiling for marketing /
fundraising at any time.
• Fair Processing – Wealth screening, Teleappend

14. v Data Subject Rights
• Right to erasure / to be forgotten
• Data portability
• Free Subject Access Request

15. v Enhanced sanctions
• Up to €20 million or 4 % of annual worldwide
turnover for other compliance failures in
respect of
- basic principles for processing
- data subjects rights
- transfers to third countries

16. What now for GDPR?
• Companies processing EU citizens data will still need
to apply the GDPR.
• Brexit unlikely to happen before May 2018 and so the
UK will need to comply with GDPR for a period of time.

17. v Brexit - What now for GDPR?

18. v DMA Guides

19. v DMA – GDPR
www.dma.org.uk/gdpr

20. v DMA – GDPR

21. v Brexit Q&A
www.dma.org.uk/article/what-brexit-means-for-marketers-q-a

22. v ICO – 12 Steps

23. v ICO – www.dpreform.org.uk

24. John Mitchison
Head of Preference Services, Compliance and Legal
john.mitchison@dma.org.uk

25. DMA & CommuniGator
EU GDPR

29. Today’s event serves only for informational purposes and is NOT
intended to be legal advice pertaining to the subject matter.
If you have additional questions on how this may affect your
organisation, you should consult your legal team or legal
representative.

30. • Our mission is simple. Enable businesses
to expand their email marketing lead
generation potential.
• We specialise in providing technology to
help you identify, nurture and qualify B2B
leads, meaning you can rapidly increase
sales.
• We know how to do it and do it well,
because we’ve been doing it for over 20
years.
Marketing Automation / Lead
Generation Specialists
• Delivering over 20 million emails per
week
• Technology platform or managed service
• Either buy it or we will host it for you
• Consultants on hand to help with your
lead generation marketing strategy
Independent & Privately Owned
• Based in Surrey, UK
• Young and dynamic
• Commercial terms for all budgets
• Project and product delivery
• Best practice as well as technology
• Dedicated Account Manager for all
• Unlimited technical support
• The HTML doctor

31. GatorMail GatorLeads GatorSocial GatorDocs GatorEvents
GatorExpress GatorInsights GatorCRM GatorData GatorSurveys
Marketing Automation &
Lead Generation Platform
14 DAY ALL
ACCESS FREE
TRIAL

36. Largest marketing community in Europe
The authority on marketing information
Self-regulatory body for one-to-one marketing
Shaping the future of the industry
Recognising innovation, best practice and excellence

38. • When does it all kick in?
• What are the penalities?
• Can I still market to my customers?
• What about my opt out database?
• Will BREXIT Help?
• Do we need a data protection officer?
• Does it only apply to email?
• What about my engaged data?
• I need to learn the lingo!

39. PERSONAL DATA
Any information related to a person or 'Data Subject' that can be used to identify the person.
DATA SECRUITY
In the event of a data breach an organisation must alert the authorities no later than 72 hours post breach
COMPLIANCE
You must clearly state how and why the processing of personal data using legitimate interest is justified.
ENFORCEMENT AND FINES
1. 10 million Euros or 2% of global turnover
2. 20 Million Euros or 4% of global turnover
CONSENT FOR MARKETING
Electronically or verbally recorded and provable
Legitimate interest and opt out clauses

40. Step 1: Define your privacy/cookie/consent statements
Step 2: Start the opt-in process with your existing data
Step 3: Purchase data now and work on opting in

44. Step 1: Define your consent statements
Step 2: Start the opt-in process with your existing data
Step 3: Purchase data now and work on opting in

50. CUSTOMERS
ASSET FORM FILLED BUT NO OPT IN
ENGAGED IN LAST 12 MONTHS
SALES REQUESTS
DATABASE OPT IN

53. Click =
YES
OPT IN
WORKFLOW

55. COLD UNENGAGED DATA: 0.93%-
COLD ENGAGED DATA: 6.49%-
WARM DATA: 11%-
HOT DATA: 17.24%-

58. Update your cookie and privacy policy
Check your consent statement with your legal team
Set up campaigns to target those with implied consent
Purchase targeted data and increase your opt in database-

60. To ensure that the consent to use personal data meets the Regulatory requirement it must be “FREELY GIVEN ”. The precise wording is:
We must make absolutely clear (transparent and obvious) in the fair processing of information how an individual can exercise the right to object &
opt-out of direct marketing. Using the below guidelines, it is our intent to help you achieve this.
However, as we are not a legal company, this document and suggested wording within it are just that; suggestions.
The consent statement is vital to the process of getting contacts legally opted-in to your communications. It needs to be upfront and transparent
whether you are getting contacts from form fills or emailing your current database trying to get them to opt-in.
The one we use and recommend is, in essence, a ‘catch all’. However, this requires you to update your privacy policy and cookie policy (the latter
you need to do anyway) to make this method viable. We are also in a position whereby we can ‘bundle’ in our communications under one
statement as we only send one type of communication – marketing related material. If this wasn’t the case then we would need to be transparent
as to what we want to send. This would need to be done upfront, not once the details are submitted.

64. 2. What does UTM stand for?
1. What day, month & year does the GDPR come into force?
3. Name 4 things in a content treasure box
4. Name the 4 tiers of content
5. What is the average conversion of a landing page form fill

66. THANK YOU!
CommuniGator.co.uk