The clock is ticking, on 25th May 2018 there will be the biggest overhaul of data protection legislation for over 25 years and it will greatly enhance the way consent is obtained.
These changes are likely to make a significant difference to anyone running a contest or campaign in the UK and Europe (despite Brexit, the UK government has indicated that it will implement the EU’s General Data Protection Regulation) and will also require changes to the way that personal data is then processed afterwards.
The penalties for non-compliance will also increase substantially. Depending on the ’tier’ of the breach, fines can be up to €20,000,000 or 4 percent of the total annual global turnover, not profit, based on the preceding financial year, whichever is the greater.
Beyond financial penalties are the negative perceptions of a business that has not looked after their customer’s data correctly. Bad PR can leave a long lasting impression of a company, particularly around such a sensitive subject as customer privacy.
According to a survey from the Direct Marketing Association (DMA) a quarter of companies (24%) have yet to even start a GDPR plan while little over half surveyed believed their organizations will be ready for the 2018 deadline (source).
At BeeLiked we are currently reviewing and updating our policies and competition rules to make sure that we are compliant for the big day. So lets get going...
How can you prepare now?
Audit your data
Firstly arrange an audit of what personal data you currently hold within your organization, note where it came from and who you share it with, including any third party providers.
You will also need to review any existing supplier contracts and conduct an audit of what personal data they hold, how it is being used, to whom it is being disclosed and to where it is being transferred.
Privacy notices should then be reviewed and updated in advance. Making sure that they can stand up to scrutiny come May 2018. If you have any contests that bridge that date, they must be compliant in advance.
For those intending to run any competitions aimed at children under the age of 16, it is worth noting that GDPR introduces specific protections for children by limiting their ability to consent to data processing without parental authorization. So when creating such consent forms you must show that you have made “reasonable efforts” to verify that a parent or guardian has provided the appropriate consent (you are allowed to lower the age to 13, if used in the US).
If you intend to make any data available to third-party providers you need to get explicit consent for that.
For consent to be valid, it will need to be freely given, specific, informed and an unambiguous indication through a statement or clear affirmative action, such as actively ticking a box. “Silence, pre-ticked boxes or inactivity,” , presumed inadequate to confer consent.
For further information about the gdpr, including resources and a rather unnerving count down clock, click here.
READY TO RUN YOUR CONTEST? BEELIKED CAN HELP
BeeLiked is a marketing platform offering a wide range of innovative digital campaigns to help brands engage with their existing audiences and reach new customers through the viral and social nature of the contests and games.
As part of our commitment to help create original bespoke campaigns we have recently created BeeLiked Studio. The studio is a collaboration with a range of skilled individuals and companies, which allows us to extend the range of creative services we are able to offer. It means that when considering options for larger digital campaigns we can bring in specialists such as 3D illustrators, film & video production, as well utilize our own in-house team of programmers and web designers.
Talk to us today about how we can help create a buzz for your business