What do the new data protection reforms mean for businesses and their customers?

The UK Government has just announced significant revisions to UK data protection legislation which they now intend to submit to parliament – via the Data Protection and Digital Information Bill (DPDI) Bill.

What do the new data protection reforms mean for businesses and their customers?

Chris Combemale, Chair of the DPDI Business Advisory Group and CEO of the Data & Marketing Association (DMA UK), discusses why the government’ s proposed reforms will provide businesses with additional opportunities and legislative clarity while maintaining privacy protections for customers.

The UK Government has just announced significant revisions to UK data protection legislation which they now intend to submit to parliament – via the Data Protection and Digital Information Bill (DPDI) Bill. The government expects these data reforms to unlock £4.7 billion in savings for the UK economy over the next 10 years.

The Data & Marketing Association (DMA UK), the UK’s data-driven marketing trade body, supports the Department for Science, Innovation and Technology (DSIT) on the proposed reforms because they will provide businesses with additional pro-growth opportunities, legislative clarity, and simplify onerous administrative burdens on small businesses, while maintaining a high standard of protection for customers.

In the context of business and charity marketing, there are several amendments which will make a significant difference to attracting and retaining customers and donors – through reforms to UK GDPR, The Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (known as PECR).

As Chair of the DPDI Bill’s Business Advisory Group, I had the privilege of championing our business, agency and charity members’ feedback on key areas that were impacting them and their marketers. We collaborated with the government throughout its development to champion the best interests of both businesses and their customers – many of our recommendations were adopted in the below revisions.

Clarifying legitimate interests key for business

One of the most significant reforms is the greater clarity offered on what constitutes a legitimate interest, which will encourage more businesses to use it as a lawful basis for data processing where appropriate.

When GDPR was implemented, many businesses did not have confidence they could rely on legitimate interest as the main legal basis for data collection for marketing – thereby reducing opportunities to attract new customers and to know their existing customers better.

Attracting and retaining customers and donors (through direct marketing) is now clearly identified as a legitimate interest, but customers retain an overriding right to object to marketing should they not wish to do business with a specific organisation.

Important reforms for marketers

DPDI will reduce the amount of paperwork that organisations need to complete to demonstrate compliance in several areas, especially beneficial to smaller organisations.

Critically, if a businesses’ data processing is not deemed as ‘high risk’ to individuals, it will now be exempt from record keeping obligations, as well as the need to have a data protection officer and to conduct risk assessments. For most small businesses, who only use small amounts of data for simple business functionality, this will come as a huge relief, helping them to concentrate their limited resources on other essential tasks.

There are an expanded range of exemptions to consent for cookies, which will reduce consent banners, especially for ecommerce and charity websites, that do not take advertising. Exemptions include collecting statistical information, enabling the way a website appears or functions, and for necessary security updates.

This will improve the customer experience by reducing the number of consent banners while also reducing unnecessary red tape for legitimate website functionality, which will benefit online users and the businesses trying to understand them better.

There is also an extension of the soft opt-in for email to non-commercial organisations, which will enable charities to communicate with existing donors and volunteers – affording charities the same opportunities as businesses for email marketing.

Increasing fines for rogue cold callers

For many years, the DMA has fought a campaign against rogue cold callers, frequently providing evidence to the investigations and criminal prosecutions of the Information Commissioner’s Office (ICO). The Telephone Preference Service (TPS), which we created many years ago, is the UK’s only official ‘Do Not Call’ register for landlines and Mobile numbers. It allows people and businesses to opt out of unsolicited live sales and marketing calls. Businesses must legally screen against this database to ensure a number is not signed up – offering people an important protection against rogue organisations. Therefore, we welcome the increase in fines for rogue cold calling to match the fines in GDPR of £17.5 million or 4% of global turnover. This will further protect people across the country by driving the rogues out of business.

Implementing common sense reforms

These are several key areas in which the new legislation provides pragmatic, sensible change that will encourage innovation while preserving a high level of consumer protection. In the realm of marketing, customers’ privacy protections are maintained because UK legislation gives customers an unfettered right to object to marketing at any time, most visibly in the simple unsubscribe link in every email.

We are confident that the bill should act as a catalyst for growth, while maintaining robust privacy protections across the UK – an essential balance which will build consumer trust in the digital economy.

Chris Combemale
Chris Combemale

Share via
Copy link