The new General Data Protection Regulation, which comes into force on May 25, 2018, primarily affects the communications industry. This also includes the sampling agency Freudebringer, which also works with customer data itself. Not entirely selflessly, we therefore invited people to a data protection workshop at the agency. 60 guests accepted the invitation to the advertising agency.
Unfortunately, the new General Data Protection Regulation creates difficulties for the most part, not just for advertising agencies and below-the-line agencies like Freudebringer. But first, the good news: press releases can still be sent to journalists by email. At least that applies as long as the person in question doesn’t prohibit you from doing so. In many other areas, however, it is important to take appropriate precautions now.
Anton Jenzer is someone who should know: The managing director of VSG Direktwerbung and president of the DMVÖ provided information at the sampling agency as part of the workshop about the new EU General Data Protection Regulation, which comes into force on May 25, 2018. First of all, it was an entertaining, sometimes emotional evening.
Dr. Sigrid Neureiter from Neureiter PR has kindly summarized the 10 most important points from a communication perspective:
1. Data misuse is not a trivial offense
Much of what is regulated in the new DSGV already applied previously. The big difference: the penalties can be more severe. There is talk of maximum penalties of up to 20 million euros. But anyone who thinks it only affects large corporations is wrong. The fines can also be severe for small and micro-enterprises.
2. Companies have no data protection
Newsletters, mailings, etc. You can still send to office addresses. Because companies have no data protection. But the individual employees do. In order to continue sending personalized newsletters, you need written permission from the respective contact person, ideally a registration for the newsletter.
3. If someone gives me their business card…
I have the right to store the data, but not to send the person concerned a newsletter. I need express permission for this – again preferably in writing, as this is difficult to prove verbally in practice. In any case, data must be documented, for example in the form of customer data, journalist data, supplier data, etc.
4. If someone has already subscribed to a newsletter…
The question is whether he has subscribed to it in writing (opt-in) or whether he simply receives it because he has not “defended” it for years (opt-out). If the latter is the case, then now is exactly the right time to get permission, e.g. in this form:
The new GDPR comes into force on May 25, 2018. So that you can continue to receive this newsletter, we ask you to briefly confirm your registration here. With button “Newsletter registration”.
5. Press information…
may continue to be sent to journalists. But it actually has to be press releases. An email that has even the slightest hint of sales is not permitted. There must also be an option for journalists to unsubscribe (opt-out).
6. Printed mailings
Personalized written mail may also be sent in the future. As before, however, a comparison with the Robinson list is required.
7. Phone calls
In the B2B sector – i.e. from company to company – calls for cold calling should be allowed. In the B2C area – i.e. company to private customer – this is already not permitted.
8. Data security and sharing
Personal data must be encrypted, especially when transported from A to B. Data transfer is only permitted with written consent. I may continue to pass on customer data to a service provider in the future. However, it must be contractually stipulated exactly what he is allowed to do with it.
9. Transparency
If the authority asks me, I must be able to provide information about what personal data I have stored and where. If I have stored sensitive data (e.g. about health), I must inform the customer. This is not necessary for pure marketing data. However, I must be able to provide information upon request as to what personal data I have stored about a specific person.
Deutsch
