fbpx

Monthly Archives: February 2018

Home » Archives for February 2018
20 02, 2018

GDPR is changing e-privacy and electronic marketing – stay on the right side of the law

By |2019-01-30T21:20:47+00:00February 20th, 2018|Blog|0 Comments

Email marketing regulations state that you can only carry out unsolicited electronic marketing if the person you’re targeting has given you their consent. This guiding principle is not expected to change. However, the scope of privacy regulations is likely to extend to include Business 2 Business (B2C) as well as Business 2 Consumer (B2C) because of changes to the definition of personal data.

This is because Privacy and Electronic Communications Regulations (PECR) that govern electronic marketing are in the process of being updated in line with the new General Data Protection Regulation (GDPR.)

Before GDPR the rules about emails for individuals didn’t apply to emails sent to organisations. In May next year GDPR’s wider definition of personal data will include data relating to a person at their business. This means there will be no distinction between B2B personal data and B2C data. When sending marketing emails to businesses you will now need to use the consent principle or ‘soft opt in’ principle in the same way that you do with individuals. Giving businesses an ‘opt out’ option will no longer be sufficient.

Everyone sending marketing communications needs to understand the rules around consent which are stricter in line with GDPR. You will need to provide comprehensive information (specific, informed) about what the person is consenting to, as well as ensuring they wouldn’t be disadvantaged if they didn’t consent (freely given). There must also be no doubt as to what they are consenting to (unambiguous) and no doubt as to whether they have actually given consent (clear affirmative action.)

Exceptions to the consent rule still fall under the ‘soft opt in’ which means sending an opt in email. It is allowed if the following three conditions are met: 1) when the buyer gives you contact details while making a purchase or negotiating a sale, 2) you are marketing a similar product or service and 3) there is a simple unsubscribe option at the bottom of each email so that a potential buyer can refuse marketing at any point.

consent

GDPR regards opt in emails or other soft opt in measures as a legitimate interest which is the legal basis for sending direct marketing electronically. It covers email, SMS, social media and instant messaging apps. But you need to be clear from the start when collecting personal data which electronic channel you will be using and make sure your marketing communications are relevant.

Legitimate interest may arise where consent is not viable or not preferred, although the organisations will still need to show that there is a balance of interests – their own and those of the person receiving the marketing. With electronic communications an unsubscribe link is simple to implement in cases of soft opt in by known customers.

When you send an electronic marketing message, you must identify yourself and provide a valid contact address. You must also have a complaints process in place.

If you are uncertain about how to make sure you have got valid consent, use an opt-in box on the email rather than an opt-out one.

You must then keep a list of people who have opted-out and screen lists to make sure you do not email them in future.

At the moment the Information Commissioner’s Office will consider issuing a fine of up to £500,000, where an organisation persistently ignores individuals’ objections to marketing.

However breaches of the new e-Privacy Regulation may attract fines of up to 4% of annual worldwide turnover, just like GDPR. It is not clear when the new regulation will take effect: a target date was set of May 2018 in line with GDPR but this is likely to slip into early 2019, giving you a little more time to prepare.

opt in email

6 02, 2018

Record CCTV footage carefully and store it safely to comply with GDPR

By |2019-01-30T21:20:47+00:00February 6th, 2018|Blog, Content|0 Comments

Personal data according to the general data protection regulation (GDPR) refers to anything that can identify an individual including CCTV cameras. Footage can be used as surveillance to deter or identify intruders and if so, must be available to the Police as required. It must be stored securely and encrypted wherever possible.

GDPR is a new European regulation governing data protection but the UK is introducing a very similar piece of legislation which will apply after Brexit. Personal data includes CCTV footage, email marketing, social media posts, names including newsletter recipients, European cloud storage, IP addresses for websites as well as data already in scope under existing data protection law. GDPR is overseen by the Information Commissioner’s Office (ICO.)

It allows individuals to request a copy of any CCTV footage where they are clearly identifiable. If the request is valid, the organisation must show the footage to the individual within 30 days. GDPR will take effect in just over three months’ time on 25 May this year, 2018, and businesses need to be ready. It is very important that organisations get the use of data right because they can face fines of up to 20 million Euros or 4% of global turnover if they get it wrong. GDPR is overseen by the Information Commissioner’s Office (ICO) who set the fines.

Individuals must give active consent that is, ‘freely given, specific, informed and unambiguous’ so implied consent will no longer be sufficient. Organisations must make CCTV cameras very obvious and may need to obtain further explicit consent from individuals to record them.

CCTV footage

Security operator looking at CCTV footage

To remain on the right side of the law, organisations must make sure that they can switch CCTV on and off and access a specific recording upon request. Footage and sound recordings should be captured separately to avoid being excessive and must be stored securely. Take care with sound recordings because it is intrusive to record conversations of staff or the public unless there is a strong and explicit justification which is unusual.

Access to footage and sound should be restricted and safeguards need to be in place to prevent interception and unauthorised access.  Footage should be deleted when it’s no longer necessary.

All CCTV footage needs to be underpinned by a written information retention policy that is understood by all operatives. Staff need to know how to respond to requests from individuals for access to footage and recordings. Individuals also need to know if they are in an area covered by CCTV and that they have a right to access recordings and footage.

CCTV camera

CCTV security cameras must be clearly visible

1 02, 2018

How to remain GDPR compliant – protect your data

By |2019-01-30T21:20:48+00:00February 1st, 2018|Blog, Content|0 Comments

Currently data in the UK is regulated by the Data Protection Act 1998 that followed the 1995 EU data protection directive. However, this is now being superseded by the EU General Data Protection Regulation which brings the law up to speed with new ways that data is being used. There will be tougher fines for breaches of data protection and the regulation gives individuals more say over what companies do with their data. GDPR standardises practice throughout the EU.

Even after Brexit if UK companies want to trade with companies in the EU, they will have to comply with GDPR and the UK is introducing a very similar piece of legislation. Personal data includes email marketing, social media posts, names including newsletter recipients, European cloud storage, IP addresses for websites as well as spreadsheets, photos, CCTV footage and documents.

data protection

Personal data is data that identifies a person, data under the Data Protection Act will fall under the scope of GDPR. People can ask for data at reasonable intervals and controllers have a month to respond. Controllers and processors should explain why the data is being processed, how long it will be kept and who will see it. An individual can ask for the data to be corrected or completed if they think it is incomplete or contains errors.

You need to get active consent from everyone you hold data about and you need to be prepared to delete files as required. Failure to opt-out no longer defaults to consent. Consent must be explicit and intentional. Consent gained before GDPR became law must meet the new high standard to be current. If you are in doubt, get updated active consent from all your subjects to ensure GDPR compliance.

Individuals can request that their data is deleted after it has been used which is called the ‘right to be forgotten.’ The same rule applies if they withdraw consent or dislike the way it is being processed. The controller is responsible for telling Google, for example, to delete links to copies of the data and copies of the data itself.

Businesses such as Google and Facebook share user data. GDPR has been introduced to regulate this to build trust and standardise data protection across the EU. This should reduce legal fees considerably.

GDPR will take effect across the EU from 25 May 2018 in its current form without the need for Member States to introduce their own national legislation. It applies to controllers of data who have strategic oversight of the data (such as a government) and processors (often IT companies) who process it. Controllers can be liable for a breach by one of their processors.

The clock is ticking before GDPR takes effect.

Controllers need to check that personal data is processed lawfully, transparently and for a specific purpose. When it is no longer needed, it should be deleted. Controllers need to record active consent to keep the data which can be withdrawn at any time.

Data breaches

Data breaches in the UK need to be reported within 72 hours to the Information Commissioner’s office. You should explain what data has been exposed, what impact this will have for the people involved and what steps you’ve taken in response to the breach. You must also tell the people affected or face a hefty fine. Fines are becoming much bigger and are often 2% of annual turnover rising to 4% if a controller or processor does not follow procedures. Fines still need to be proportionate and evidence of compliance with GDPR will show good faith and should reduce the fine.

Working with DDworld to produce my website has been a joy and so straightforward. Nicola understood the business well and created a website that reflects it brilliantly. Communication was excellent and nothing too much trouble to sort out. I would definitely work with them again. Louise (LB Physio)
Louise Brown
Louise Brown
12:13 31 Jul 19
A great company to help maximise your SEO they take the time to understand your business and what you want to achieve. Highly recommended
Greg Garrod-Bell
Greg Garrod-Bell
14:26 12 Jul 19
Excellent service from this company they take the time to understand your business and make it easy to understand how they can maximise your on line profile and manage the costs
Carter Revivals Ltd Carter Revivals Ltd
Carter Revivals Ltd Carter Revivals Ltd
14:21 12 Jul 19
I got some great guidance and advice on SEO and the website , recommended.
Ricky Purnell
Ricky Purnell
15:21 14 Jun 19
Digital Web World helped with some last minute design for a large government funding proposal. They listened carefully and responded with exactly what was needed in a very short timescale. Highly recommended.
Marina Norris
Marina Norris
10:20 06 Jun 19
Digital Web World helped me to set-up and market a new online magazine with two weeks. Stephen Clark was patient and knowledgeable helping me achieve this quickly. A full recommend.
Howard Clark
Howard Clark
10:24 08 Feb 19
Digital Web World is a dynamic, professional, commercial, digital marketing business where the client always comes first. Stephen Clark, founder and MD, is exacting, conscientious, and personable. He makes sure that all his B2B customers receive the highest possible standard of service from every member of his team.Superb copywriting service and great customer care. The copy they write is clear, concise, accurate and optimised for the internet with very good SEO. Good keywords make sure that the articles come up in organic searches which complements pay per click advertising. Customers and B2B clients benefit from information provided by the Digital Web World blog and often want their own bespoke news page. Digital Web World understand that time is scarce for directors in business. They work with a minimum of supervision and meet our deadlines every day.
Roz Scott
Roz Scott
19:54 23 Jan 19
Excellent SEO agency, professional, friendly, committed and extremely customer focussed. They have sorted out many issues on our website including technical SEO on and Off Page SEO. Keyword optimisation work and SEO continues. We could ring the specialist working our case directly, everything was delivered within the timescales. The people to consult when it comes to Digital Marketing and beyond.Sylvia Hahn de Azcueta, Cape Horn Engineering Ltd.
Sylvia Hahn de Azcueta
Sylvia Hahn de Azcueta
10:02 25 Jan 17
Excellent agency and great customer service. They deserve every marketers attention! Their fantastic training courses are run by experts in the field and have helped me in my career. I can't rate them highly enough, check them out!
Stuart Avis
Stuart Avis
14:35 01 Mar 16
Excellent, precise, customised and detailed service!Digital Web World has helped to amend our website, which since increase traffic manifold! Tips for social media strategy and how to make use of keywords also helped us to increase our online presence and brand awareness!
Lisa Bruecher
Lisa Bruecher
16:02 31 Jan 16

Contact Info

The Werks, Hove, East Sussex, BN3 2BE

Phone: 01273 855995

Web: Strategic Marketing Agency