November 1, 2013

Customer data: Navigating the murky waters of the Data Protection Act

2 minute read

In 1998, the Data Protection Act (DPA) was rolled out to companies across the UK which aimed to regulate “the processing on information relating to individuals, including the obtaining, holding, use or disclosure of such information.”

In the years that have elapsed, however, the DPA has gone through numerous changes and iterations, which can make it difficult for businesses to keep abreast of their new requirements. After all, few people go into business because they want to remain updated with new laws and legislations.

As such, here are considerations thrown up by the DPA, as well as the ways in which they can impact the B2C market.

Basic requirements

Put into plain English, the act means that any companies holding personal data need to ensure it is kept secure, is relevant and up to date, will only be held for as long as it is needed, and that only data which is needed for a specific purpose is kept. Not only that, any individual whom the information is related to may ask to see it at any given time.

Not a hiding place

One of the biggest complaints people have of the DPA is that it’s all too often used by businesses as way to hide. When some firms are asked to provide even the most basic, publicly-available material they will refuse and cite the Act as a reason for doing so. This, however, is far from the original aim of the DPA and it most certainly shouldn’t be used to deny all information requests.

Instead, the aim was more to put safeguards in place that would ensure staff do not reveal private personal information to anyone they shouldn’t, either through stringent safety checks or use of passwords. As such, any information that is requested either by customers themselves or by a third party with sufficient authority to ask for it, should be accommodated.

Marketing considerations

With the introduction of the DPA, truly unsolicited email marketing was effectively outlawed. Instead, businesses could only target those people who had previously given their express permission to be mailed.

The only variations on this are in the case of “soft opt-ins”, whereby a person may not have given express permission for being contacted, but any such messages would be suitably beneficial to them. These are limited to any campaigns which result from obtaining contact details through a previous sale, where similar products or services to those already purchased are advertised and where the subject is given suitable opportunities to opt out of receiving any future marketing messages.

With postal messages, anyone who has previously opted out of such correspondence must have their wishes adhered to, with no exceptions. As such, their desire to receive no further mail must stand indefinitely or else the vendor may face consequences.

The DPA is a multi-faceted, often complex issue that B2C companies have long had to struggle through. That being said, however, it’s also a little more simple than the newspapers will often attest, with their (erroneous) reports of parents not being allowed to take photos of school plays and reverends prevented from wishing sick churchgoers a prayer. As such, the DPA is a big issue that needs proper consideration, but may not be quite as scary as it appears from the outset.

Posted by Ikano Insight


Free consultation with an expert

Talk to one of our experts and find out how to sharpen your competitive edge with actionable data insights and business intelligence.

Request a call back
Customer data: Navigating the murky waters of the Data Protection Act