Does the start of Brexit mean marketers are off the hook with GDPR?
The EU GDPR comes into play in just over a year, and many businesses are not yet compliant, make sure you understand the effect Brexit will have on all this....
If you live in Europe, you would have had to try really hard not to hear the news that the UK has started the exit process from the European Union on the 29th March 2017. Though I’m pretty sure that this historic action made it to news sites globally! The media is comparing it to a painful divorce – and it does feel a bit like the UK and EU now have to sort out everything from who will get the kids the house, down to dividing up the CD collection.
One key area that the UK wants to maintain is that of trade. According to The Independent in July 2016 about 48% of total UK exports went to the EU. That’s almost half. If you think that there are 196 countries in the world, the EU member states account for 13.5%. Therefore, with 48% of exports going to 13.7% of countries, it’s certainly something worth retaining as much as possible going forward.
On the marketing side, email has been consistently highlighted as one of the best channels in terms of return on investment, with £38 per £1 spent. So along with continued trade with EU states will come the necessity to promote and process much of that trade via email.
Connecting those two points, in May 2016 the European Parliament and European Council introduced to the statute book the European Union General Data Protection Regulations (GDPR). Article 99 paragraph 2 states simply: “It shall apply from 25 May 2018.”
That is just 13 months away now.
“It shall apply from 25 May 2018”
Since the Brexit Referendum in June 2016 decided that the relationship between the UK and the EU would fundamentally change, business and marketers have wondered whether GDPR will still be relevant both throughout and after the exit process.
The simple answer is it that makes no difference. This is for two reasons:
Firstly, Article 3 of the GDPR defines the territories covered with regards to the processing of personal data. It clearly differentiates between data subjects (consumers), data controllers (businesses) and data processors (like your email service provider or CRM system which process data on behalf of businesses). The important part to note is that regardless of where the business is located, or where the processing takes place, if the data subjects are geographically based in the EU businesses need to abide by GDPR.
Secondly, assuming the 2-year timeline for negotiations after the triggering of Article 50, the UK will be part of the EU for 10 months after GDPR is enforced so marketers in the UK sending email to data subjects in the UK as part of the EU need to comply for that time. And if you remember the ROI figures above, this is no time to bury heads in the sand. If your business processes personal data and has an established presence in the EU, GDPR will still matter regardless of where the data processing takes place.