What is happening with UK GDPR post-Brexit? How do the latest GDPR updates affect professional services marketing efforts, and most importantly do you need to do anything?
If you’re feeling a vague sense of “is there something I should be doing/not doing/doing more of” now that the UK has left the EU you are not alone. Unpicking the GDPR rules and regulations can be tricky at best.
The Law Firm Marketing Club recently held a webinar, where expert speakers from Teal Compliance made sense of the small print and what the practical implications might be. Whilst this session was for law firms, it applies to all professional services businesses.
In short, the 6 rights underpinning GDPR remain the same, namely:
- The right to be informed about data held
- The right to access this information
- The right to erasure
- The right to have data rectified
- The right to restrict processing
- The right to transfer data
Most firms will already have robust processes in place to comply with these rights when undertaking marketing activities. The only UK GDPR post-Brexit action you may need to take now is to review and potentially tweak your privacy policies. Previously set to be compliant with EU data protection laws, policies now need only refer to UK laws only.
6-month “bridging” period
The UK law itself has not yet changed post-Brexit as we are currently in a 6-month “bridging” period whilst a decision is made on whether UK regulations are adequate in the new landscape.
In the meantime, questions are still raised around whether you can contact people via marketing campaigns without specifically getting their permission first. In reality, there are grey areas and a level of interpretation regarding the regulations.
The code of conduct for solicitors states that you should not make unsolicited approaches – but you can contact people on the basis of a legitimate interest ( so if they’ve bought services from you before or asked to hear about similar products or services, for example). But you must tell them what the legitimate interest is and give them the option to opt-out.
All professional services firms should conduct themselves in the same manner.
Researching firms of interest and emailing them is also not totally out of the question as long as you are contacting a business rather than an individual. Using the “info@“ email is ok, picking an individual and targeting them is not.
Similarly, caution should be exercised when advertising, particularly social media campaigns. Whilst these are great as you can target specific demographics you need to be careful that you are not classed as making an unsolicited approach, particularly to potentially vulnerable audiences.
From a best practice point of view, we would always advocate building your database of contacts organically and by specifically asking for permission. Having a reputable CRM system and/or email marketing system in place is also imperative so that campaigns can be tailored and sent both compliantly and efficiently.
If you have any specific questions about the interpretation of GDPR you can contact the ICO directly.
Read our blog about how to grow your email marketing whilst maintaining compliance with GDPR. If you’d like help setting up your CRM systems or targeted communications, please contact us on 01903 530787 or via the form below.