Beware the consultants

 

Andrew Scott

 

May 25th sees a new EU Regulation come into force, the General Data Protection Regulation, and it’s already causing confusion and panic within the business community. An army of consultants, advisors and groups have jumped on the band wagon, organising seminars and events that are often ill-informed, sometimes misleading and all-to-often designed to generate significant fees.

 

Andrew Scott, managing director of Insight Data, says: “Despite the barrage of information, courses and so-called experts that have emerged, there is no official certification or accreditation for GDPR. Anyone with limited knowledge can put on a seminar and offer advice, but our experience is that many of these simply get it wrong."

 

In practice, the principles of the GDPR are straightforward and the Information Commissioners Office (ICO) provides easy to understand and comprehensive guidance for businesses, via www.ico.org.uk

 

GDPR focuses on the fundamental rights and freedoms of the individual and defines how organisations should collect, store and process personal information. The ICO publishes clear and free information on how to become GDPR compliant” says Scott.

 

Marketing is a key area of confusion for many companies, with ill-informed GDPR consultants advising companies to rely on ‘consent’ as the way to comply.

 

Scott says: Consent is one way to comply with GDPR however there are six ways to process data under GDPR, with ‘contract’ and ‘legitimate interest’ both perfectly suitable depending on the situation.”

 

It is important to realise that GDPR relates to how companies collect, store and process personal data. Marketing communications – particularly electronic such as SMS and email, are governed by separate regulations, PECR (Privacy and Electronic Communications (EC Directive) Regulations 2003). PECR has not changed, although a replacement, ePrivacy, is currently in rraft format and is likely to be introduced in 2019.”

 

Insight Data has been tracking developments on the GDPR since it was first proposed in 2012 and worked closely with the DMA (Direct Marketing Association) and data protection lawyers throughout the process.

 

The company provides marketing data that helps companies target new customers including fabricators and installers, construction companies and builders, and architects. The data is collected, stored and processed to ensure it complies with the GDPR.

www.insightdata.co.uk