GDPR legislation and how it will affect Insurance Brokers

GDPR legislation is coming on 25 May 2018, are you ready for it?

The General Data Protection Regulation (GDPR) is the EU’s new regulation on how personal information can be used, and it’s due to be come into force on 25th May 2018. Do you have new marketing controls for how you deal with existing and potential customers? Then read on.

GDPR aims to replace the Data Protection Act (DPA) and the Privacy & Electronic Communications Regulations (PECR) which are long overdue for revision.

Penalties are due to increase significantly up to a maximum of €20 million or 4% of global annual turnover. The question is, are you ready for it?

The key points to note are:

1. New subscribers will need to confirm that they want to opt in.

This affirmation must be via a dedicated subscription form, or via an unticked checkbox in situations where you’re collecting data. Remember pre-ticked boxes or “Tick here to opt out” will not be permitted for your marketing.  You will need to be able to show that your existing clients opted into all your marketing in order to comply with GDPR legislation.

2. You will need to tell subscribers how their data will be used.

For example, if they give you their email address to download a free article, you must tell them if you plan to use that email address for any other marketing purposes including cross-sells. Remember, you must give existing and new clients the option to choose which marketing they would like. The starting point is to be aware of all the marketing you do and to ask clients permission.

3. You will need to keep a record of consent.

For example, if you use a provider such as Campaign Monitor they will store details of how and when a recipient subscribed along with their IP address. This would help you in meeting the GDPR legislation. The UK government has just issued guidance and we will give you more updates in the coming months. Note- your ToBA disclosure might not meet the new consent rules.

4. The following commonly adopted scenarios will no longer apply.

(i) An existing business relationship will no longer imply consent- for example, where you have an existing target list along with their email addresses and contact details. You will need to get in touch with them to get their consent.
(ii) The current soft opt-in where you can email people if there is an existing business relationship.

There is, however, a “legitimate interests for processing” test which means in some cases it might be possible to continue emailing a subscriber without the above in place. You can read more from the DMA >>

5. You will need to get your existing data up to GDPR legislation standards.

If you can’t provide sufficient proof of consent for existing subscribers, you won’t be allowed to contact them anymore. You will need to run a re-permissioning campaign.  This includes subscribers you have added using soft opt-in.

What next?

Marketing in the future will rely on attracting customers through content and interactions that are relevant and helpful — not just interruptive selling.

If you want to find out more about marketing in the GDPR age and how to run a re-permissioning campaign to your clients, then simply drop us an email and we would be more than happy to give you a few tips. Get in touch with us and we will help you stay within the GDPR rules.

The above content should not be used as a substitute for professional legal advice.




Leave a Reply

Your email address will not be published. Required fields are marked *