What’s happening on 25th May 2018?

  • It’s Julian Clary’s 58th birthday
  • It’s 41 years since Star Wars was released
  • GDPR replaces the current DPA

Cause for celebration all round? Maybe – but certainly, cause for preparation – and we don’t mean saving up to buy Julian Clary’s dog a diamante collar.

So – there’s less than a year to go and it makes absolute business sense to Be Prepared, exactly as the scout motto says. Don’t subscribe to lastminute.com; you’ll only regret it.

And what does GDPR stand for? General Data Protection Regulation, which replaces the Data Protection Act (DPA).

See here for the blog we wrote earlier which explains its evolution.

In brief, the GDPR concerns the rights people have over their personal data*. The DPA has become outdated since technology has progressed so rapidly in the past few years and so much business is carried out online. The new regulations aim to streamline data protection across Europe so that, no matter which country you trade with, or in which country your data is held, there’s consistency in the way data is handled. Helpful for businesses. Reassuring for individuals.

By the way, the fact that we are in the process of leaving the EU makes no difference because the GDPR applies to every business which holds or processes the data of EU citizens. If we want to trade in Europe then we will be obliged to show that UK standards are equivalent to the EU’s GDPR framework. Additionally, GDPR will become mandatory in the UK so even if you don’t trade overseas, it will apply to you.

There’s plenty to be getting on with in the meantime, meticulously outlined by the Information Commissioner’s Office (ICO). Here are five things you could put on your To Do List in the next few weeks. We’ll suggest more in subsequent blogs about GDPR.

  1. Appoint a data protection officer – crucial. It’s vital that someone takes the lead in this matter, otherwise there’s a danger it will be lost in the piles of other policies every company has to deal with. And, that someone should report to a board member or ideally be a board member.
  2. Raise awareness – you may know about the impending change in regulations but do all the key decision-makers in your company?
  3. Organise an information audit – unless you know the current personal data situation in your company (Whose data? Where from? How shared? To whom?) how can you possibly plan for the future?
  4. Check procedures – do they cover the new rights individuals will have?
  5. Plan timetable to amend privacy notices – make sure they will meet the new requirements in plenty of time for GDPR.

At Mailing Expert, we’re ahead of the game. Why not join us? Together we can make this happen.

 

Mailing Expert

 

* Personal data is not only an individual’s name & address; it is anything that identifies an individual from other information, including physical characteristics, pseudonyms, occupation, address, email et cetera, or a combination of identification elements. That means business contacts too.

The wonderful world of variable data

“Variety’s the very spice of life, that gives it all its flavour.”

There’s that quote that we know so well, in its entirety – and a congratulatory pat on the back for anyone who knows who it’s by (without looking it up on Google!)[1] With any direct mailing you undertake, variable data can really increase the effectiveness of your campaign – add flavour to it, you could say.  Let Mailing Expert tell you how.

So what is variable data?

No, variable data is NOT the same as alternative facts, a phrase which is all too current at the moment.  In this context, we are talking about variable data printing, commonly abbreviated to VDP.   VDP makes use of digital technology to link print engines to databases which contain content for printed documents. It makes changes to pieces of print automatically – with no manual steps – as they are being printed, allowing you to personalise your communication with ease by varying text details, images, colour schemes, charts…you name it, if it can be printed, you can change it. It’s a technique that is closely related to mail merge, but VDP allows changes to text, graphics and layout.

Why use VDP?

Well, do you want more sales, higher returns and an exponential rise in customer loyalty? Would you like better targeted communications filled with relevant information? There are many marketing studies which show categorically that personalising communications really can boost their effectiveness.

By ‘personalising communications’ we don’t just mean putting ‘Dear Katie’ at the top instead of ‘Dear Valued Customer’.  In a 2014 survey,[2] it was revealed that 63% of people receive so many name-personalised messages that it has ceased to have any impact. Your intended audience needs something more and better now – like VDP.

How can VDP help?

Imagine you were launching a new range of clothing for children.  With VDP, each DM flyer you send out can be customised to appeal directly to the intended recipient.  It goes without saying that names and addresses will be different for each one (as in mail merge).  The brilliant thing about VDP is that with a diligently-populated database which has captured the ages, sex and ethnicity of children, in just one print run, you could produce flyers that target parents of 10 year-old girls…or baby boys…or families with Chinese heritage…or any other attribute you have researched and stored.  Of course, this all relies on the content of the database… In the example we’re using, you’ll need a whole portfolio of images showing all sorts of children wearing your clothes range.

What about populating databases?

That’s the tedious bit, isn’t it? If you’re using variable data, then it must be stored in the database in the first place.  In most cases, this has to be inserted manually, though some computer programs can gather bulk information from different sources and transfer it directly.  Your data can come from many areas of customer contact – from call centre enquiries, your website and from sales activity.  Nevertheless, at each point, someone has to put in the information and all the colour choices, fonts and images to appeal to different demographics.  And once done, of course, it has to be kept up to date.  There’s nothing worse for your company image than sending a DM with incorrect or irrelevant information.

So is it all worth it in the end?

Here at Mailing Expert, we would say a resounding YES! More statistics, if you’re not convinced:

  • 74% of marketers report that personalisation increases customer engagement, leading to improved conversions[3]
  • 84% report better customer loyalty and retention[4]

SO…start filling in that database – or better still, give us a call and we’ll tell you how we can help you.

 

Mailing Expert

 

[1] William Cowper. From his 1785 poem, ‘The Task’

[2] Conducted by digital messaging platform, Lyris

[3] Econsultancy research

[4] ExactTarget

New data protection legislation from the EU

We all love a bit of legislation, especially when it’s contained in a 204 page directive from the EU. In the spirit of customer service, here’s a summary of the reforms to save you endless nights of tedious bedtime reading. We aim to please.

The 1995 Data Protection Directive and the 1998 Data Protection Act

Just to bring us up to speed. In the latter part of the 20th century it became apparent that most companies and organisations – individuals too – were storing and processing personal information on computers. While this has many advantages as far as speed and efficiency go, it leaves us vulnerable because this data may be accessed by others without our knowledge or permission. Unscrupulous people could misuse it – use it for commercial advantage, identity theft for criminal purposes or sell it on to a third party for financial gain.

The 1995 Data Protection Directive was created to control the way such information is handled and to give some legal rights to people who have information stored about them. It was implemented into UK law by the 1998 Data Protection Act. The problem with the 1995 Data Protection Directive was that each Member State could implement it into its own national law in a slightly different way, so each Member State had its own set of rules. Since people often have data stored in many countries, as they say, things got complicated…

So now the 2016 EU Legislation

Designed to establish one set of rules across Europe, with a European Data Protection Board to ensure a common interpretation across all the national data protection authorities, it should make it more straightforward for everyone to do business outside their home country. It heralds the arrival of an era of renewed accountability and transparency, which can only be applauded.

It consists of two parts:

The General Data Protection Regulation (GDPR) – allowing individuals to have more control over their personal data, reducing regulation and enhancing trust so everyone can make the most of the opportunities afforded by the Digital Single Market.

The Criminal Justice Directive – concerned with Europe-wide cooperation with criminal investigations and law enforcement, leading to more effective anti-crime and anti-terrorism.

Political agreement on the text has been reached; it will become law very shortly; enforcement will start in 2018. It’s something for which you must prepare because penalties for breaches will be HUGE – figures flying about are fines of €20 million or 4% of a business’s global gross revenue. Ouch!

What it means for you – in a nutshell

N.B. This is not comprehensive. It covers the aspects that we consider have most bearing on the direct marketing aspect of your business.

The definition of personal data – any information which allows anyone to identify a person, so aside from the obvious name, address and ID numbers, this now includes such things as cookies and IP addresses if they lead back to a person.

Consent – agreeing to data collection and use doesn’t need to be explicit but it must be unambiguous – a subtle distinction? It must be clear why you require the data. Your privacy notices and policies must be tip-top, accessible and transparent. Consent must be acquired by a “clear affirmative action.” Inaction, silence and use of pre-ticked boxes will not count as consent. Withdrawing consent should be just as easy as giving it.

Profiling – that’s to say, using the data to determine particular criteria about individuals – like personal preferences or location. This is an important tool in DM. It looks as though consent must have been obtained in the first instance.

Legitimate Interest – use of data for DM is considered to be legitimate (phew!) – that is, unless what you intend to do breaches the fundamental human rights and freedoms of the subject, particularly in the case of children.

Data Protection Officer – it will be mandatory to appoint one if your organisation is engaged in regular and systematic monitoring of data subjects on a large scale or processing sensitive personal data. We will have to find out what this means from the guidance which will be issued in the next two years. At one point in the discussions, this ruling was only applicable to companies with more than 250 employees, now it’s any organisation which meets the above criteria. The appointed person must know about data protection law and practices to a level suitable for the role within a particular company. Even if your organisation does not have to appoint one compulsorily, it may decide to appoint one anyway.

Privacy Risk Impact Assessments – data controllers must take robust precautions before embarking on higher-risk data-processing activities to minimise the risk to their data subjects. This might include encryption, establishing resilient systems and regular evaluation to ensure security is fit for purpose.

Notification of breaches – “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.” If the breach is going to impact on the rights and freedoms of individuals then ‘the appropriate supervisory authority’ must be notified within 72 hours, and the data subjects must be told, ‘without undue delay.’ Data processors must inform data controllers, and both are obliged to notify.

Liability of data processors – data processors will have direct obligations under the Regulation and will not be able to hide behind data controllers.

Have you lost the will to live now? Our apologies. The trouble is, it IS something we all have to grasp before it’s too late. These are regulations we will be implementing at Mailing Expert – for YOUR protection as well as ours.

Deep breaths, everyone!