Dealers and manufacturers could face a shake up in the way they collect customer data due to new General Data Protection Regulation (GDPR) due to be introduced across Europe from April 2018.
Dene Walsh, Verso Group operations and compliance director, said the current level of consumer opt in consent used in nearly all consumer contact databases will not be sufficient under current proposals for the new law. More detail on the new GDPR is due to be released in March next year and there will then be a two year period for companies to prepare.
The new rules are being enforced by the Information Commissioner Office (ICO). Walsh said the ICO will give leeway to companies that can demonstrate a genuine effort to prepare, but if there is no attempt or a gesture "fines can be up to eight figures, including 2% of turnover".
He said: “GDPR will render data unusable. The consent terms used when seeking consumer permission for the collection and use of their information will have to be far more clearly defined, and this includes face-to-face contact with consumers.”
GDPR covers areas such as personal privacy and security, but from a digital marketing perspective it is about new consumer opt in permission rules.
It means all data will have to be audited against the new standards, and where it does not conform then it will need to be refreshed by asking for enhanced consumer consent.
There is also a need to create an effective storing system for individual consent forms, and a method through which consumers can ask and have information on them removed.
Walsh said: “These are not insignificant tasks, and they will not be quick to implement.
“Data audits and changes to data protocol are not things that can be rushed, and may take months of work, including changes to software. Currently, for example, there are very few customer relationship managment (CRM) software systems with a storage function for keeping consent forms.”
Walsh estimates that a dealer network with more than 100,000 records will probably need “a good two years” to audit their data to prepare.
Walsh said: “To continue to use data there are key tasks that have to be completed. They are establishing whether or not the current level of opt in permission used meets the new unambiguous terms required, amending the consent terms, contacting consumers to upgrade the consent level to the new standard, and storing consent forms from every consumer, whether in electronic or paper form.
“There is widespread confusion about the definition of the ‘unambiguous’ permission criteria to the forthcoming law. A good illustration is that it will be like a traffic light system. Consumer consent will have to be sought and provided if you want to convey information about a given subject to a customer or prospect through a given communication channel. Later you may wish to communicate about another subject in another way, and that would be like stopping at another set of traffic lights at which fresh permission must be asked in order to move forward once more.”