TDP values all of its clients – from the big MNC to the small local trader – from small acorns form mighty oaks and that is a statement that we keep at the forefront of all of our dealings. Some clients have worked with TDP since its conception, nearly 20 years ago, which is testament to the product and service we offer; in addition, over 35% of our current client base is from external referrals.
One of the areas that TDP prides itself on is the communication we have with clients. We ensure that the relevant people in What makes us truly unique is that we understand that quality data drives marketing campaigns and we can offer measurables results that increase your ROI. We are confident in our provision and as such we offer 95% accuracy guarantees across all our data products. If an issue occurs, because let’s face it, sometimes things do go wrong, we will always endeavour to work with you to solve the problem. We believe honesty and accountability is the only way to a build solid relationship with you and as such over 30% of our work comes from external referrals.
TDP values all its clients – from the big MNC to the small local trader – from small acorns from mighty oaks and that is a statement that we keep at the forefront of all of our dealings. Some clients have worked with TDP since its inception, which is a testament to the products and services we offer.
One of the areas that TDP prides itself on is the communication we have with our clients. We ensure that the relevant people in the order chain are kept up-to-date with state-of-the-art CRM management including automatic delivery reports, reminders and data destruction notices to ensure you remain compliant and aware of what is available to you.
We TPS check and Live HLR validate Mobile and Landline records prior to delivery. Our records are verified on 5 levels to ensure the quality remains high. All postal records are MPS checked, screened against the National Home Movers and Bereavement. All of this is done upon every single output, every single time. We stake our reputation on it and ultimately, yours.
What does GDPR stand for?
GDPR stands for General Data Protection Regulation. It’s the core of Europe’s digital and data privacy legislation.
What is GDPR?
GDPR is a set of rules designed to give more control and transparency over to data subjects over their personal data. These regulations are designed to modernise the laws and obligations surrounding our personal data, privacy and consent in the new digital age.
Under the terms of GDPR, not only do organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it (data controllers) are obliged to protect it from misuse and abuse, as well as to respect the fundamental rights of data subjects – or face hefty fines for not doing so (Up to €10 million, or 2% annual global turnover – whichever is higher; or. Up to €20 million, or 4% annual global turnover – whichever is higher)
Processing data under GDPR
There are six lawful bases for processing data, as outlined in Article 6 of the regulation, at least one of the below must apply in order for personal data to be processed:
- Consent: Clear and unambiguous consent had to be given for an individual’s personal data to be processed. Explicit consent is required when processing special categories of personal data, such as, data about an individual’s ethnic origin or sexual orientation.
- Contract: the data is necessary to fulfil your contractual obligations and you cannot comply without processing their personal data.
- Legal obligation: data needs to be processed for you to comply with a common law or statutory obligation
- Vital interests: data needs to be processed to protect someone’s life. You can only rely on vital interests for health data.
- Public task: the processing is necessary in ’the exercise of official authority’.
- Legitimate interest: the legitimate interest can be your own interests, or the interests of third parties. Legitimate interest is more flexible than the other legal grounds and could potentially cover any data processing for any reasonable purpose. However, the processing must be necessary and must not override an individual’s rights.
Marketing under GDPR
There are two of the six lawful bases that should be used for processing data for marketing purposes.
· Consent; or
· Legitimate Interest
Now whilst you can rely on either of them, you can’t rely on both. Neither is better than the other but, once you determine your basis, you cannot switch.
The DMA have produced an information guide discussing the two lawful bases. https://dma.org.uk/uploads/misc/new-gdpr-for-marketers_consent-and-legitimate-interest-final.pdf
Legitimate Interest
Most likely to be the most appropriate when marketing to your own client database with which you have a pre-existing relationship and they would reasonably expect to hear from you, which have a minimal privacy impact (such as direct mail campaign), or where there is a compelling justification for the processing.
Whilst you would’ve originally collected your data pre-GDPR based on Consent, you may find that the Consent you have in place is no longer valid. The transition period of GDPR allowed organisations that had their own Customer / Marketing Files to switch their lawful basis. However, you were required to notify those individuals of the change.
You should complete a balancing test, known as a LIA template (legitimate interest assessment) to determine if this is the most appropriate lawful basis for processing.
To comply with this basis, you should ask yourself the following;
What is the interest?
Is the processing necessary?
How are the data subjects right affected?
Legitimate Interest is the most flexible of the lawful bases for processing but, it must not be mis-used. Be sure that the fundamental rights of the Data Subject are not breached, evidence that you took relevant steps not to breach the rights of the Data Subject and indicate why you chose this basis as opposed to Consent.
Consent
For third-party direct marketing, where a previous relationship does not exist, it is unlikely that Legitimate Interest is the most appropriate lawful basis for processing. Therefore, we capture, process and share data on the basis of Consent. Consent offers the most transparency and enables the Data Subject not to lose track of their data by clearly outlining within our Privacy Policy with whom their data is being shared.
Our data contributors collectively gain the consent of Data Subjects to process their personal information. Data is captured both online, offline and using telemarketing campaigns via customers, customer satisfaction and lifestyle surveys, mail order, purchase/warranty card responses and offers and competitions and comparison websites. At the point of data capture, TDP is named as one of the Data Controller’s and the TDP Privacy Policy is made available to all Data Subjects.
The Data sourced has consent for TDP to process in-line with our Privacy Policy which is also available at the capture point. Our Privacy Policy offers as much transparency as possible to ensure that the Data Subject is aware of whom their data may be shared with, the purpose of which it may be shared and the length of time our Clients have to process it.
All our aggregated Data is collated, validated, verified, screened and enhanced then combined into a series of databases from which extracts are then feed into TDP’s data-pool. We rebuild this file on a monthly basis to ensure that any data subjects that have objected to the processing of their data are suppressed, including those that have subscribed to the TPS register.
If you have any further questions, or wish to discuss this in more detail, please contact compliance@tdpagency.co.uk or speak with our Head of Compliance, Carly Priest https://tdpagency.co.uk/staff/carly-priest/
PECR
The Privacy and Electronic Communications Regulations (PECR) sit alongside the current Data Protection Act and the GDPR. It gives people specific privacy rights in relation to electronic communications.
There are specific rules on:
- marketing calls, emails, texts and faxes;
- cookies (and similar technologies);
- keeping communications services secure; and
- customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
Specifically, in relation to an email direct marketing campaign, you wouldn’t be lawfully able to email your offers, without consent under PECR.
To find out how we can work with you to ensure your campaigns remain compliant with the PECR regulation please contact enquiries@tdpagency.co.uk