The clock is ticking, on 25th May 2018 there will be the biggest overhaul of data protection legislation for over 25 years and it will greatly enhance the way consent is obtained.
These changes are likely to make a significant difference to anyone running a contest or campaign in the UK and Europe (despite Brexit, the UK government has indicated that it will implement the EU’s General Data Protection Regulation) and will also require changes to the way that personal data is then processed afterwards.
The penalties for non-compliance will also increase substantially. Depending on the ’tier’ of the breach, fines can be up to €20,000,000 or 4 percent of the total annual global turnover, not profit, based on the preceding financial year, whichever is the greater.
Beyond financial penalties are the negative perceptions of a business that has not looked after their customer’s data correctly. Bad PR can leave a long lasting impression of a company, particularly around such a sensitive subject as customer privacy.
According to a survey from the Direct Marketing Association (DMA) a quarter of companies (24%) have yet to even start a GDPR plan while little over half surveyed believed their organizations will be ready for the 2018 deadline (source).
At BeeLiked we are currently reviewing and updating our policies and competition rules to make sure that we are compliant for the big day. So lets get going…
How can you prepare now?
Audit your data
Firstly arrange an audit of what personal data you currently hold within your organization, note where it came from and who you share it with, including any third party providers.
You will also need to review any existing supplier contracts and conduct an audit of what personal data they hold, how it is being used, to whom it is being disclosed and to where it is being transferred.
Privacy notices should then be reviewed and updated in advance. Making sure that they can stand up to scrutiny come May 2018. If you have any contests that bridge that date, they must be compliant in advance.
Update consent
Identify all the places you are asking for consent within your campaigns as you will need to check the wording. Under GDPR, simply saying “click here to read our privacy policy” is no longer enough for a contest. You need to explain clearly why you are collecting personal data and how you then intend to subsequently use it.
For those intending to run any competitions aimed at children under the age of 16, it is worth noting that GDPR introduces specific protections for children by limiting their ability to consent to data processing without parental authorization. So when creating such consent forms you must show that you have made “reasonable efforts” to verify that a parent or guardian has provided the appropriate consent (you are allowed to lower the age to 13, if used in the US).
If you intend to make any data available to third-party providers you need to get explicit consent for that.
For consent to be valid, it will need to be freely given, specific, informed and an unambiguous indication through a statement or clear affirmative action, such as actively ticking a box. “Silence, pre-ticked boxes or inactivity,” , presumed inadequate to confer consent.
About BeeLiked
BeeLiked offers companies an ever-growing portfolio of campaign types that are quick to create, with full design flexibility, performance tracking and data collection capabilities to ensure your campaign and promotion exceed all your expectations.
The BeeLiked Platform can help you engage and incentivize your audience and customers across their life-cycle and journey.
BeeLiked is on a mission to prove the ROI of innovative gamified driven marketing. Click here to start your 14 day free trial.