How will the UK’s data privacy reforms benefit SMEs?

Chris Combemale, CEO of the Data & Marketing Association (DMA UK) and Chair of the DPDI Business Advisory Group, discusses why the government’s proposed reforms will benefit businesses and their customers.

The UK is set to receive significant revisions to its data protection infrastructure, which the government hopes will both unlock £4.7 billion in savings for the UK economy over the next 10 years, as well as helping to supercharge investment and growth across the digital economy.

The Data Protection and Digital Information Bill (DPDI), which has just concluded its journey through the House of Commons, will make a series of reforms to UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) to achieve this.

As Chair of the DPDI Bill’s Business Advisory Group, I had the privilege of leading the feedback of industry to government, representing organisations both large and small, on key challenges that were impacting them and their marketers.

This co-ordinated industry front helped us to secure important reforms that will provide businesses with additional pro-growth opportunities and legislative clarity, while simplifying onerous administrative burdens on small businesses – but, crucially, it will maintain the UK’s high standards of protection for consumers and ensure we retain our adequacy status with the EU.

Listening to SMEs’ needs

To highlight the views of SME leaders and the UK public on the future of data protection, the Data & Marketing Association (DMA UK), the UK’s data-driven marketing trade body, recently published the ‘Data Horizons: How UK SMEs and Consumers View the Future of Privacy Regulation’ report.

It revealed two thirds of SMEs (66%) are supportive of the UK Government introducing updated and modernised data privacy regulation to address inherent challenges of GDPR.

Many businesses admitted to facing inherent challenges when it comes to processing personal customer data. Nearly half of SMEs (43%) reveal that their business’s marketing operations have been stunted by GDPR and nearly a third (31%) claim GDPR has caused them to get rid of a lot of their customer database.

These views mirror our industry leaders’ feedback over recent years, so, fortunately, the DMA was able to champion the best interests of both businesses and their customers throughout DPDI’s development – many of our recommendations were adopted in the below revisions.

Easier to attract and retain customers

Our research also found that three quarters of SMEs (75%) want data protection regulations that easily enable them to prospect for new business; and a similar percentage (76%) want regulations that make it easier to talk to their current customers.

One of the most significant reforms is the greater certainty on legitimate interests, which will encourage more businesses to use it as a lawful basis for data processing where appropriate.

When GDPR was implemented, many businesses did not have confidence they could rely on legitimate interests as a lawful basis for processing data for marketing – thereby reducing opportunities to attract new customers and to know their existing customers better.

Attracting and retaining customers and donors (through direct marketing) is now clearly identified as a legitimate interest, but customers retain an overriding right to object to marketing should they not wish to do business with a specific organisation.

Key changes for SME marketers

Nearly half (48%) of SMEs expressed concern that GDPR introduced unnecessary bureaucracy to businesses, while well over a third (37%) say it does not work for small businesses.

DPDI will reduce the amount of paperwork that organisations need to complete to demonstrate compliance in several areas, especially beneficial to smaller organisations.

Critically, if a businesses’ data processing is not deemed as ‘high risk’ to individuals, it will now be exempt from record keeping obligations, as well as the need to have a data protection officer and to conduct risk assessments. For most small businesses, who only use small amounts of personal data, this will come as a huge relief, helping them to concentrate their limited resources on other essential tasks.

There are an expanded range of exemptions to consent for cookies, which will reduce consent banners, especially for ecommerce and charity websites that do not take advertising. Exemptions include collecting statistical information, enabling the way a website appears or functions, and for necessary security updates.

This will improve the customer experience by reducing the number of consent banners while also reducing unnecessary red tape for legitimate website functionality, which will benefit online users and the businesses trying to understand them better.

There is also an extension of the soft opt-in for email to non-commercial organisations, which will enable charities to communicate with existing donors and volunteers – affording charities the same opportunities as businesses for email marketing.

Pro-growth reforms

These are several key areas in which the new legislation provides pragmatic, sensible change that will encourage innovation while preserving a high level of consumer protection.

In the realm of marketing, these reforms will help marketers better engage with new and existing customers, while maintaining their existing privacy protections, such as their right to object to marketing at any time.

We are confident that the bill should act as a catalyst for growth, while maintaining the trust of the UK public in the regulatory landscape – an essential dynamic which will further build the UK’s status as a leading global tech hub.