4 Key GDPR Questions that still need Answering

With only a few months to go before GDPR comes into force, we still have some very significant questions which have yet to be answered. The UK Government will not be publishing the final legislation and guidance on these questions until December, at which point it will either become much harder to use CRM data for B2B, or the legislation will have it’s teeth removed in the UK (though not in the rest of the EU / EEA).

Here are the key questions that when answered will have a big impact for most compaies on how we will be conducting business in 2018. We have tried to get definitive answers on these, but depending on whom we speak with we get conflicting ones:

Is there going to be opt-out marketing in any way for B2B?

When we asked them, and referred to their guidance, Lawyers and European sources which already have firm legislation in place say no, however the Direct Marketing Association says yes, making this still highly contentious.

It’s worth noting that individuals, including partners and sole traders are entirely opt-out whatever happens at this point, which means that as a B2B operation you still will have to manage a potentially significant part of your contacts in a B2C manner.

How do we promote new events and products from our CRM contacts?

This is the single biggest question which remains unclear. Our strong guidance is that you should prepare as well as possible now by getting as many of your contacts to double opt in to marketing (in a GDPR compliant manner), and to ensure that your contracts allow you to communicate effectively with your customers.

It is crucial to note here the specific separation of marketing communications from other comms under GDPR.

How will Brexit affect GDPR?

The Government says it won’t, and that the UK will retain full GDPR compliancy, but then you also have senior cabinet members like Boris Jonson saying they well might. The combination of Brexit, in-complete UK GDPR legislation, and now the future uncertainty around customer data, is creating a perfect storm for companies who are preparing to be GDPR compliant.

This question will continue to roll whilst Brexit is underway, and be further exasperated in a post Brexit world.

How long can UK companies keep CRM contact records?

The pending GDPR legislations will require that companies only hold valid, relevant personal information, and only for as long as it can be justified to be in the individual’s interest for that data to be held.

How long the data can be held requires further clarification, some Affino clients have been advised that they cannot reasonably hold prospect contact data for more than four months without engagement from the prospect. They have further been advised that they must archive / delete non-essential personal information of ex-customers.

The relationship between the company and customer is not defined by when you last called your customers / sent them messages, only by the permissioning and interaction from their side.

It is also goign to be crucial to keep the contact records up to date as it will be illegal to base some commercial decisions on out of date contact records.

There are many more lesser questions that still need answering, but these four will reshape how business is done in the UK and indeed around the world, as it affects all EU citizen’s data.

We live in a world where we’re approaching the point where voices can be cloned accurately; videos can be generated with near exact likenesses of individuals; devices know where we are almost the whole day; our personal and business relationships can be sold without our full understanding; and we can be identified from an average of 12 anonymous browsing URL’s.

Privacy and control over our personal information will become paramount, so we are big supporters of a solid GDPR implementation by the UK Gov, which will go a long way to protect us all.

We’ll keep you posted on the answers to the above questions as soon as the legislation is published in December.