What are the key areas you need to consider when collecting personal data to use for marketing purposes? Data compliance specialist Jenny Moseley (Owner of Opt-4) gives her top 5 tips.
I am starting a new business in the UK where I will be collecting data for marketing purposes, by myself and potential affinity partners (some of whom are outside Europe), can you tell me the top 5 things I should be aware of in order to be compliant under data protection legislation?
You are wise to consider compliance under the privacy legislation as part of your advance business planning. If you get it right at the start you’ll have a much easier time than trying to put it all in order when you are a year or two into your business. As one of our clients has said “Prevention is the cure”.
So here are 5 of the top issues you should consider, though there are, of course, many more.
Consider what data you wish to collect and what you want to do with it, both now and in the future. This is the corner stone of a good compliance and my top 5 pointers come out of that strategy.
- Notify your intentions with the Information Commissioner www.ico.org.uk. This process has been significantly simplified but you will also be asked whether you have sufficient security in place to ensure the safety of the data you are processing; you will also have to notify to the effect that you will disclose that data to companies outside of the European Economic Area.
- Consider who will be the Data Controller if collecting data for more than one organisation. That could be yourself, or joint control with your affinity partners. If they are abroad, your arrangements with them should specify which data protection law will prevail.
- Develop a permission management system for the storage of your data with sufficient flags to show you now and in the future how your permissions have been collected and using what statements.
- Demonstrate to your customer that you respect their choices, keep them accurate and up to date and use best practice in all your dealings with them.
A clear business and permissions strategy when well executed can add considerable value to your data assets.
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.