Data regulation update! Have you heard about DPDI?
Take away the bells and whistles, and modern B2B marketing is ultimately centred around data, be it consumer purchase patterns, sales team prospecting, public relations or website clicks.
Information, and how it’s collected, stored, measured and used, forms the cornerstone of effective marketing strategy, but in the ever-evolving landscape of data protection regulations, businesses must stay vigilant and adaptable to remain compliant and competitive.
The General Data Protection Regulation, better known as GDPR, was introduced in May 2018 to enhance data privacy and protection. It significantly impacted B2B marketing by imposing stricter consent requirements, leading to more transparent and opt-in-focused practices in collecting and using personal data, ultimately requiring businesses to be more cautious and compliant in their external marketing efforts.
The landscape is evolving once more, with the UK government’s latest move to reform data protection laws through a new Data Protection and Digital Information Bill (DPDI) underscoring the need for constant vigilance in this space. The bill is now in its second iteration and is beginning its journey to potentially be written into existing legislation.
In this blog post, we’ll delve into what businesses need to know about DPDI, what it entails and the key proposed changes that marketers need to be aware of.
Looking to enhance your marketing efforts with an experienced and dedicated B2B communications team?
Get in touch with our team at PHD Marketing today to discover how easy it can be to cut through the static to find and amplify your brand voice.
What is the Data Protection and Digital Information Bill (DPDI)?
The DPDI reform comes as a response to – and in many ways an evolution of – GDPR and the Data Protection Act (DPA).
The primary objective of the DPDI is to refine and simplify the existing data protection framework, making it more flexible and less burdensome for businesses, while still protecting the integrity and security of consumer data.
Key rundown of DPDI
Just like GDPR did before it, the DPDI is set to shape how businesses are collecting and using data, and introduces several significant points of interest that businesses need to be aware of, including:
Legitimate Interests Basis: The 2023 Bill retains the concept of “recognised legitimate interests” as a legal basis for data processing, offering examples such as direct marketing and network security. However, the basis still requires a balancing test to ensure individuals’ rights are not outweighed by greater flexibility for businesses.
Senior Responsible Individual (SRI): DPDI maintains the requirement for a Senior Responsible Individual only in cases of high-risk processing. This is in contrast to the EU GDPR, potentially raising concerns about conflicts between Data Protection Officers (DPOs) and SRIs.
Data Subject Access Requests (DSARs): The bill refines the criteria for refusing data subject access requests, specifying that requests to access data need to be either “vexatious or excessive” for refusal to be permitted.
Scientific Research: In terms of data collection and the reasons a business may have for doing so, the definition of “scientific research” is expanded under DPDI to include research carried out as a commercial or marketing activity.
International Transfers: The bill clarifies that transfer mechanisms for moving information between geographies, that were in place before its reforms, will remain valid.
Records of Processing: Organisations are required to maintain records of processing only if processing is likely to pose a high risk to individuals’ rights and freedoms, removing the size-based exemption brought in under GDPR.
Powers Granted to the Secretary of State: The Secretary of State gains several new powers with regards to data protection, including setting strategic priorities for the Information Commissioners Office (ICO) and approving statutory codes of practice.
While DPDI shares some similarities with GDPR, it’s essential to understand that DPDI is not opposed to GDPR, but refines and simplifies existing regulations, making compliance more manageable for businesses. Changes are incremental rather than sweeping, for example, DPDI relaxes cookie regulations to eases the burden on businesses regarding pop-up consents, but also proposes higher penalties for electronic marketing violations.
Where does a B2B marketing partner fit in for DPDI compliance?
Staying informed and compliant with the evolving data protection landscape is crucial for B2B marketers. A partner such as PHD Marketing specialises in understanding and implementing regulatory changes like DPDI into external communications. It can provide guidance and ensure your marketing strategies align with the latest compliance requirements.
Staying ahead of evolving legislation can be time and resource intensive. With the support of a dedicated partner, businesses can navigate the complexities of DPDI while still delivering effective B2B marketing campaigns.
With the Data Protection and Digital Information Bill (DPDI) on the horizon, we see another step in the ongoing evolution of data protection laws. While its key changes aim to simplify and modernise regulations, businesses must remain vigilant and adapt to these evolving requirements – or put themselves at risk of financial consequences.
Trust a partner like PHD Marketing to deliver powerful communications strategies and stay informed, stay compliant, and stay competitive in the world of data protection.
Looking to find your brand voice in a changing market? Trust the PHD team to help.
Get in touch with our team today at [email protected].