We are now less than two months away from the day that has been striking fear into businesses across Europe (and beyond) for the best part of a year – 25th May 2018.
However, there is a particular aspect of the new regulation that many have overlooked, assigned a low priority to or simply ignored. The regulation is a comprehensive document containing 99 articles in total, but Article 5 (Principles relating to processing of personal data) appears to have slipped under the radars of many.
GDPR Article 5 (1) (d) requires that data be accurate and kept up to date or DELETED. Once the implementation phase of GDPR ends on May 25th and the regulation is enforceable, this will be law – no ifs, ands or buts.
‘‘(…) personal data shall be:
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;’’
There is no doubt that data has become an integral part of how many businesses function today, but it is crucial to ensure that this data is the RIGHT data.
Why lose customers and prospects altogether or cause your brand reputational damage by failing to comply with Article 5 when there is a simple solution? The truth is that data accuracy is no longer a nice-to-have but a necessity – it is something you MUST do.
The law is changing and GDPR takes a far stricter stance on data accuracy than its predecessor, the Data Protection Act; in addition to potentially incurring the wrath of consumers, failure to comply could result in a substantial fine from the ICO.
In the last 12 months the majority of businesses, and the media, have continued to panic and focus their attention on the consent aspect of GDPR, but the ICO is very clear that all clauses carry the same importance and weight. Hoping for the best and assuming that the term ‘reasonable steps’ justifies taking no action is naïve at best and arrogance at worst. Investing in a solution that ensures that data is kept clean and up to date on a regular basis, or even in real-time with Data as a Service products, is most certainly a reasonable step.
Recent ICO guidance confirms that postal marketing can be conducted using the basis of Legitimate Interest (LI) under GDPR. This will undoubtedly result in many more brands incorporating direct mail into their marketing mix over the coming year. It has therefore never been more important to ensure that postal data is accurate and up to date.
By continuing to market to the previous address of individuals who have relocated, you are not only wasting marketing budget that could be better spent elsewhere, but also losing contact with a customer that may subsequently become lapsed. Furthermore, the current occupants of that property will be far less likely to engage with a brand that is inundating them with a previous-tenant’s post.
In a similar respect, failing to screen for deceased contacts in your database is a similar waste of marketing spend, but more importantly one that has the potential to cause undue distress to the families of those still being contacted. Why risk tarnishing your brand’s reputation? Equally, why risk incurring penalties from the ICO for non-compliance?
It is not too late to take the necessary steps to ensure you are GDPR ready in relation to Article 5. Keeping data accurate by removing and keeping track of gone aways and screening for deceased individuals will not only be complying with GDPR, but also boost the performance of marketing campaigns and save time, money and resources by not marketing to people who will not receive the communication. Where GDPR is concerned, the message is clear – CLEAN it or LOSE it.