How Data Protection affects email marketing companies
As more and more people live their lives online, privacy is one of the areas people are most likely to debate. As news is released almost weekly of large companies breaking data protection laws with little or no consequences, how can you be sure that the data you’re storing online is safe?
There are laws in place, depending on where you live, and where your campaigns will be sent from. Wired Marketing is based in the UK, and as such, we will be looking at the Data Protection Act 1998.
This Act is designed to comply with a European Union Directive which aims to harmonise the variety of data protection laws across Europe.
The Act will apply whenever personal data is processed. This means when anything is done to personal data- when it is used, disclosed, sorted, collected, amended or deleted. Once personal data has been deleted, the Act will no longer apply, as the data cannot be recovered. The Act also applies to data processed through a computer, or in person.
The Principles of the Act cover the basic practices which have been created to ensure companies can use data to deliver a product or a service, but also ensure the privacy of the individual is protected.
The 8 Data Protection Principles require data to be:
- Processed fairly and lawfully,
- Processed only for specified lawful purposes,
- Adequate, relevant and not excessive in relation to the purpose,
- Accurate and kept up to date where necessary,
- Processed no longer than is necessary,
- Processed in accordance with the rights of the data subject,
- Protected by appropriate technical and organisational measures,
- Not be transferred to any country outside of the European Economic Area unless that country ensures than an ‘adequate level of protection’ for rights and freedoms of data subjects acceptable to the EU
(RE: the final principle. There is a regulation in place known as Safe Harbour between the EU and the US. Although no official law is in place, this states that the US will follow EU directives regarding personal data, and no rules will be violated.)
This means email marketing companies must comply with the law as soon as any personal data is received, and that refers to staff data as well. We must keep the data accurate, up to date and only use it for the purposes originally stated upon collection. We must also delete the information upon instruction, and this data can never been reinstated.
Failure to comply with Data Protection laws can mean a fine of up to £500,000 enforced by the Information Commissioner’s Office.
At Wired Marketing, as we deal with such large quantities of data on a daily basis, these laws are imperative to our company culture, and are always in place.
All personal information stored can only be accessed by people who have been given permission to view it. All accounts are protected by a secure email and password, and second users can only be added with written permission by the original account holder. It’s important that the customer and the customer’s data are held securely.
We take email marketing law very seriously, please feel free to contact your Account Manager if you have any queries, or view information relating to Data Protection on the ICO’s website.
NB: This does not constitute professional advice, please contact a legal professional for more details.