2018 Everon Creative
November 13, 2018 / By Ryan Hirst
Protect Your Data and Stay On The ICO’s Good List This Christmas
This time of year is when you will begin to see a number of organisations boosting their marketing strategies by using their existing customer data to sell more products during the popular sale periods. The festive period is a crucial time for sectors of the manufacturing and technology business as many of their internet-based products will appear on Christmas wish-lists across Europe.
As the spirit of goodwill grows throughout the holiday season it presents perhaps the best fund-raising opportunities for organisations that rely on charitable donations.
Due to the recent GDPR regulations enforced on the 25th of May 2018, many questions have risen regarding the levels of compliance. Not everyone can be an expert when it comes to GDPR compliance, but that doesn’t mean you should ignore data protection and privacy, especially if you’re running marketing campaigns during the festive season.
The Peak Time For Shoppers
A retail planner will only need to glace at their planning calendar to identify several significant dates that all occur in a very short space of time:
- Black Friday
- Cyber Monday
- The Run Up To Christmas
- Boxing Day To January
Retailers are known to spend millions every year on their marketing campaigns to make sure that their products are displayed during the festive season. Last year John Lewis spent around £1m shooting their annual Christmas advert and a further £6m on their marking, in-store advertising and TV slots during advert-breaks. A lot of the promotional activity will be targeted to specific individuals based on existing data that has been collected. It is important that a business can demonstrate that the data used in their marketing has been collected in an honest and transparent manner, along with the necessary consent to advertise their products or services.
One regulation that is outlined under GDPR which should be considered during the festive period might be data retention. GDPR states that you should keep an individual’s data “only for as long as it is necessary”. Christmas is a time when a lot of people will take to the internet to do their shopping, but many people will only take to the internet on an annual basis to do their shopping. This raises the question of how long is appropriate to store a person’s data? This is a question that can only be answered by yourself, based on the campaigns your business has run.
GDPR Key Points
If a company is wanting to collect personal data they need to make it clear what they are going to do with the data and make sure they have absolute consent for keeping it. The company also shouldn’t use unlawful profiling techniques to try identify which customers may be deemed more generous.
If a company deals with a large scale of personal data, then it is likely that it will also be required to appoint a Data Protection Officer. This is a problem for organisations that rely primarily on charitable donations.
The Christmas period is a very important time for charities. It is a time when people think about others and wish to spread the festive spirit around with 6 out of 10 people donating to a charity at Christmas. However, charities have been hard hit by the Information Commissioner’s Office in recent times, with several well-known institutions being subject to substantial fines.
It isn’t just small to medium businesses that need to take these precautions, even large businesses such as Apple need to as well. Many gifts purchased at Christmas will be internet based, whether that be wearable technology, household items or even children’s toys. This technology has the ability to transfer data relating to your health, behavioural patterns, videos and photography, to and from the device. In some EU countries, the use of some of these devices by children is already restricted.
If a manufacturer of an internet-based device doesn’t consider the restrictions which are now in place, it could cause their organisation to face major implications in the future.
This kind of information is considered sensitive and as such requires explicit consent from the individual to be processed in this way.
If you have any further questions relating to the topic raised above then don’t hesitate to contact a member of our team today!