How GDPR affects brands and their promotions

By Joanne Kimber, managing director, Granby Marketing.

Promotional marketing often requires the collection of personal data, meaning the full GDPR rules apply.

To begin with, when collecting data, it needs to be very clear that the individual knowingly ‘opted in’, and they understood what information was being collected and why.

For example, a pre-ticked checkbox on a form won’t pass the ‘positive expression of choice’ test. A box that the individual must tick themselves, along with a reassuring message about personal data privacy and an easy link to the terms and conditions is the way to go.

The user should know what information you’re intending to hold, whether that’s name, address, IP address, or finances, for example. And to keep your data auditable, record how you obtained the data, such as through a purchase, competition entry or an on-pack promotion, as well as the date it was received.

When collecting the data, the individual must have a clear understanding of how it will be used. If you’re intending to enter someone in a competition, add them your mailing list, or keep a profile of them, you’ll need to say so up front - and only use the data for that purpose.

Many promotional campaigns require a third-party to access your data, whether that’s for a mail-out or competition prize fulfilment. Where this is the case, the individual should be made aware at the outset of who will handle the data and why. When dealing with a third party, agree and obtain a written contract covering how the data will be processed, how they will ensue it remains safe, and when they will delete it.