We use cookies to give you the best personal experience on our website. If you continue to use our site without changing your cookie settings, you agree we may place these cookies on your device. You can change your cookie settings at any time but if you do , you may lose some functionality on our website . More information can be found in our privacy policy.
Please provide more information.
Stylus no longer supports Internet Explorer 7, 8 or 9. Please upgrade to IE 11, Chrome, Safari, Firefox or Edge. This will ensure you have the best possible experience on the site.
Brief Published: 28 Nov 2017

GDPR Myth-Busting

GDPR Forum, London

The GDPR Forum in London aimed to demystify GDPR (General Data Protection Regulations), an act coming into force in the EU in May 2018. GDPR imposes new rules around the use of personal data, which includes the sort of consumer data collected and processed by businesses and start-ups. "It's going to change the way you interact both as an individual and as an organisation online," said David Lockie, Founder & Director of UK digital agency Pragmatic.

All the speakers agreed that GDPR offers a big opportunity for marketers to get ahead of the scare stories and use the new regulations as a way of building stronger relationships with consumers.

"[Brands and] agencies have a role to play in safeguarding the people who use the services we build," commented Lockie. "We have a responsibility to help you limit your risks."

Key takeaways for brands in any industry:

  • Put people and process first: "There is no turnkey tech solution to GDPR compliance," said IT lawyer Dan Hedley. As such, brands need to stop thinking that "IT will sort it out" and ensure the implications and opportunities of GDPR are embraced at every level of your business.
  • You may need a Data Protection Officer: Privacy Technologist and Entrepreneur Gilbert Hill claimed there is a shortfall of 30,000 in the UK in the run-up to GDPR becoming law. Brands need to create a space where the DPO "is empowered and has sufficient independence to avoid conflicts of interest," said Hill, and to "foster a culture where data privacy is an inside job, and valued."
  • Don't obsess over consent: Many see GDPR as an obstacle for data-driven marketing, as consent for companies to use consumer data must be "freely given" and "specific and informed." Hedley suggested this is something of a red herring, as there are five other bases for processing personal data that will cover most marketers' activities, including "legitimate interests" (i.e. you have a legitimate business need that necessitates data capture).
  • Be a superhero brand: "Businesses who grasp this challenge [of GDPR] will find that it gives them superbrand powers," commented Hill. They need to be transparent with consumers about what's happening with the data they process, inform them in accessible language (GDPR should put an end to impenetrable T&Cs), and be able to return that data if the customer opts out.

See Dimensions of Trust for more on effective use of consumer data in marketing and advertising.