Peter Eales FCIM Chartered Marketer at BU 2016

Personal Data and Marketing Responsibly

“Justice means minding one’s own business and not meddling with other men’s concerns.” – Plato. Two and a half thousand years ago, the Greek Philosopher who founded the Academy of Athens would not have predicted one approval, a “like” could have such a serious impact on our privacy. The piecing together of individual pieces of data like a jigsaw now builds profiles or personas of people, which whilst invaluable for marketing is in danger of infringing our privacy. This has been most clearly shown by the work of Kosinski, American Psychologist explained on this video. All of us involved in marketing have a responsibility to use personal data wisely, but what does that mean and what are the issues?


The Infamous Target Retail algorithm led to parental concern for example. Target figured out a teenage girl was pregnant before her father did as is explained in this article . The problem began with a company trying to sell maternity products online. Eventually the teenager confessed she was pregnant. This obviously raises issues of how our personal data is used and indeed to some how it appears to be abused.

Lawful, profitable, and ethical use of data.

Could this be bigger than financial services mis-selling and PPI issues? The Problem is how can we operate responsibly between the two opposing forces of PRIVACY AND DATA-DRIVEN MARKETING? Can we use personalisation in data driven marketing responsibly? Digital exposure may negatively affect people’s experience of digital technologies. “We are getting too good!”  Says Duncan Smith CIM and compliance expert at iCompli. People demand we get out of their personal space. Obsessions of marketers with #clickthru #returns #engagement ….Basic digital records of human behaviour which can automatically predict personal attributes. People automatically assume this stuff to be private!

A Footprint on The Internet

Just like Tonto in the old Lone Ranger films who could track a long left footfprint, so can clever web, internet and digital technology track when we have been on a website. And digital tools can piece together a story about who we are and our personalities. We leave a digital footprint. So this means as marketers, and companies, we must gain consent from people when using their data. For example, phone data on fitness tracking triggering for sports equipment, or health products. This data might tell an insurer for example if I am eligible for insurance, I would imagine…but did I really give permission for them to know this? Not knowingly. Marketers see opportunities, but there are human rights to privacy to be balanced.

UK Privacy Legislation

Self-regulation has not worked. Fines have grown over time upto £350k recently at Prodial Ltd for nuisance telephone calls. A company director can now personally be fined and levels of fines have increased.

Telephone Nuisance

We have specific family experience of domestic telephone nuisance calls so have used the Telephone Preference Service here and also reported to the Report Domestic Call Abuse Concerns
03450 700707. For Business register with Corporate TPS and you can Call ICO and report on 08457034599. In Spring 2017 the Legislation #NoNuisance comes into full swing see:

General Data Protection Regulation – GDPR

Ageing data protection regulations are being replaced by GDPR explained here by the ICO. A Data Controller or Data Processor can face a significant fine: 4% of global turnover or €20m – Processing breaches typically, and 2% Global turnover (including consent), or €10m typically Supervisory breaches.


Personal Data – drives everything
Principles – controls, who is using data, do we understand how data is used?
Processing – controls, who is using data, do we understand how data is used?

What is personal data?

Any information relating to a person. Identified for example by name, number, location, one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Controller Compliance Accountability

The GDPR “six principles”
– Be fair, lawful, and transparent
– Obtain data that is adequate, relevant, and not excessive
– Only keep identifiable data as long as necessary
– Collect data for a specified, explicit purpose; use for that purpose
– Keep data accurate and, where necessary, up to date
– Don’t lose data, break it, damage it or put it in a “physically unsafe environment”

Consent only comes from transparency and people understanding what is done with their data. Especially as data can be put together like a jigsaw to reveal personal profiles.  As a Controller you must demonstrate compliance, accountability, and you can be audited.


It must pass one of six tests, and transparency is nearly always a problem, because who likes their information being stored?

  1. Consent for specific purposes
  2. Controller’s legitimate interests
  3. Contractual necessity
  4. Controller bound by legal obligation
  5. Protect vial interests
  6. Public interest, official duty

The first allows us to do the most in terms of marketing. And we must be transparent.


“The data subject’s content” means any freely given specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed.”

What is important
– freely given
– specific informed
– unambiguous indication
– signifies agreement

Not inferred consent.
So it is critical to have:

Control – they have to be in control
Transparency – the marketer has to be transparent
Notification – the customer has to actively agree, and express consent
Verification – prove you have consent (ie double opt-in ie we email back to prove we have opted them in)

Consent is Clearly Distinguishable
No hidden clauses i.e. it is standalone matter in clear language. You have to unbundle offers.
So for example you have access to our wifi if you give us your email, and here are the benefits. Be clear about the rewards.

GPDR Deadline 25 May 2018

Some key challenges will emerge says Duncan Smith CIM and compliance expert at iCompli. He cites, The need for legal champions, to map data flows, which will enable Gap analysis, and to understand where is data being collected from. Are you at risk now? In the future? Look at the gap. Where are you at risk from non-compliance.Revise or modify the organisation structure, do you have sufficient governance? Make sure the Board is appropriately involved. Do appropriate risk analysis. Ensure you have the right analytics and Lead generation devises, tools such as Opt-in buttons.

For more detail contact us at o i solutions.
Source material:
Duncan Smith CIM and compliance expert at iCompli
ICO – Information Commissioner’s Office
Lesley Tadgell Foster, BU Lecturer and IDM expert

Contact us if you have any questions
Peter Eales BA Hons Chartered Marketer FCIM FIDM
Founder Director Dorset Business Angels
MD o i solutions limited

Posted in Articles and tagged .