The Government announcement on the new Data Protection Act is to a large extent, already covered in General Data Protection Regulation (GDPR), which becomes law in May next year.
However, while full details of the Government’s intention regarding its new bill will not be revealed at least until parliament returns, key areas are known that are important for automotive marketers:
- make it simpler for customers to withdraw consent for the use of personal data
- allow customers to ask for their personal data held by companies to be erased ("right to be forgotten")
- enable parents and guardians to give consent for their child’s data to be used
- require ‘explicit’ consent to be necessary for processing sensitive personal data, such as health data
- expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
- update and strengthen data protection law to reflect the changing nature and scope of the digital economy
- make it easier and free of charge for individuals to require an organisation to disclose the personal data it holds on them ("data subject access request")
- make it easier for customers to move personal data between service providers ("right to data protability")
There is also the intention to extend of the ‘right to be forgotten’ to include social media. Social media platforms will have to delete information on children and adults when asked.
The new Data Protection Bill is in essence all about giving consumers greater control over their personal data. In practice organisations must be responsible custodians of personal data, and be accountable and transparent to consumers about the use of information.
As government ministers and the Information Commissioners Office continue to line themselves up to introduce regulation that will apply for the next decade, businesses will have to wait a few months longer to learn exactly what the new rules will be.
In the Queen’s Speech, government introduced the new Data Protection Act, and it is under this act that the content of this week’s announcement will be introduced.
However, earlier this year Parliament approved the Digital Economy Act, and in it the Information Commissioners Office is instructed to produce recommendations for new direct marketing and data guidelines.
These guidelines will be statutory, meaning companies that break them could end up in court.
The guidelines would also pass into law under the new data act.
There is no doubt GDPR will be the foundation of what the ICO recommends in the guidelines, but there is scope for far more.
Also, the EU has yet to announce content of the new EU privacy law, that will come into effect at the same time as GDPR. Plus, the ICO has not yet given full details of how it intends to interpret GDPR in law.
What all this means is that marketing departments will have to wait a little longer to find out what the new data rules will be.
GDPR - useful guidelines
The ICO, however, has produced useful guidelines on how to get ready for GDPR, and they are available via this link ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf
One of the key questions for the automotive retail sector surrounds regulation on outbound calling - sales calls, and reminders about MoTs and servicing.
Along with other business sectors that rely on the ability to call members of the public, representatives from the automative sector are campaigning for the freedom to make such calls by joining Call For Action On The TPS.
The Scottish Motor Trade Association, dealer groups and independent garages are contributing support and ideas to the campaign group, which will enter dialogue with the ICO and government ministers to put forward workable new telemarketing regulation.
However, the Society of Motor Manufacturers and Traders and Independent Garage Association have decided not to be part of the campaign.
With such a large degree of change taking place there may be a temptation for car marketers and aftersales departments to simply turn their backs on it, or put off any action until all new legislation is in place.
However, the sanctions the ICO will be able to impose in future will be far tougher than what it is able to hand out at the moment, but more importantly consumers have growing expectation from relationships with companies, and they are growing increasingly aware of the responsibilities companies have in terms of personal information.
On top of this the ICO makes news announcements about offending companies.
Breaking the bonds of trust and statutory law at the same time is not for the feint hearted.
Author: Nick Rines, spokesperson for Call For Action On The TPS