GDPR Legislation – An overdue wake-up call for Marketing?

As a full-service data agency, TDP Marketing have always been at the forefront of the data protection and latterly preparation for the general data protection regulations that become statue in just 11 months from now. As a registered claims management company (CMC) with The Ministry of Justice, we are closely monitored and regulated with regards to subject data handling, data retention and of course permissions.


All of our team have attended continuous and rigorous GDPR training & workshop courses ahead of the sweeping changes and we have been interested in the surge of attention, media activity and column inches this has had to date. The response of businesses, the media, privacy groups and indeed legislators themselves has sometimes been a bit sensationalised, but quite rightly; it does have sweeping implications for anyone who holds or uses customer data.

Knowing the Basics of Data Security

The fundamental data and cyber security issues, like knowing what data is held on your customers, whether this information is deemed sensitive, what controls you have in place with regards to its use and of course how long you’ve held it and how you keep it secure, should already be pivotal to any companys data strategy. How have you personally reacted to know that your personal details have been compromised, whether it’s from TalkTalk, Wonga, Google or Adobe – and remember these are the big, profitable organisations that (allegedly) have these robust rules in place. What would the impact be on your business?  Could your company keep it’s customers if the integrity of their data is lost or compromised?  The answer, according to report out this week from The Drum is not positive, with 17% of marketing agencies reporting they would go under if hit with a GDPR fine.

In a survey of 187 marketing and advertising companies conducted by YouGov on behalf of law firm Irwin Mitchel, 70% said they wouldn’t be certain of their ability to detect a data breach. Meanwhile, just 37% said they would be equipped to deal with it in the required timescale of three days. This is a concerning number given the reliance of the UK’s output on agencies, retailers, creatives, fintech & cybertech firms operating in this new digital economy.

Acting on the changes ahead of GDPR

Contrary to popular belief personal data is not just consumer information. It is hard to think of a business today that does not use personal data. Whether you have employee data, customer data or supplier data – if the data relates to an individual you will be caught by the new data protection laws if your company is not ahead of legislation. The message from the ICO is clear: especially for third party data providers and users alike, more value must be placed on quality than over quantity. Data is a valuable asset, but only with the consent to use it. The ICO have published a handy Guide of 12 Steps to take to Prepare your Business for GDPR, you can download it by clicking the link.

These are really just common sense data handling measures, and given that the Data Protection Act dates from way back in 1988, with hundreds of retrospective amends, the GDPR should actually be a breath of fresh perspective for marketing, not something to be feared. TDP Marketing have always offered full accountability of its data provision, full due-diligence on suppliers, binding non-disclosure agreements, complete traceability on third-party sharing agreements, a DPO-led subject access request team and with fully GDPR compliant staff as a licensed data controller – we are happy to discuss these steps with you and see what value we can add or assist with your data integrity issues. And you will have some or you won’t be reading this!

Where do we go from here?

There is however, much ambiguity surrounding ‘Consent’ which explains why so many different practices have been adopted. Under GDPR Consent is clearly defined as “freely given, specific, informed and unambiguous”. So does that term truly apply to how you collect leads or enquiries? Organisations must assess and make provisions for GDPR now, but with careful rigour and ‘value’ needs to be viewed more favourably than just sheer volume of records.

In the first instance, please send us a message and briefly detail what specific data issues your organisation faces, (and we’ve heard most of them before) and whether is appending, updating, a requirement to re-opt in your customers, mortality screening, address or TPS checking, HLR screening – we’re confident we help.

Get in touch, to start the conversation…


[contact-form-7 404 "Not Found"]

Leave a Reply