Writing a blog about telemarketing using a list from a data broker and 'Lo!', the ICO news includes a fine placed on a data list broker!
In the news last week: “A firm trading in people’s personal information and describing itself as ‘the UK’s Premier Lead Generation Provider’ has been fined £80,000 by the Information Commissioner’s Office (ICO).
Verso Group (UK) Limited failed to comply with data protection law because it was not clear with people about what it was doing with their personal information.”
Have you ever purchased a list from brokers? Did you check its provenance, as in are you sure the broker had the correct consent? If you didn’t check then you yourself could be liable for a fine as Prodial Ltd found out last year (OK – Prodial took it to an extreme hence the size of their fine).
The spotlight is, as per the ICO news item, on data brokers. But it is also on those of you who use the lists they provide.
Everyone in the chain will need to make sure that consent has been freely and explicitly given.
If you are an outsourced telemarketing company who ultimately calls the person, you cannot hide behind the company who acquired the list and shared (the data) with you. Nor can the company assume that the list they acquired from a data broker contains only contacts who have given their consent to be on it; perform a thorough check of the brokers terms and conditions, privacy and consent statements.
If the brokers themselves don’t already have the correct consent - as per Verso - then they should be looking at getting their house in order now.
The ‘good’ brokers are already rolling out ‘GDPR’ terms and conditions and privacy statements. Look out for these as an initial indicator that the consent has been given by the individuals on the list in such a way that it complies with the requirements of GDPR.
Some think that the price of lists will increase due to the requirements of GDPR. Or the number of contacts available will decrease. So what? Think about the greater quality of the contacts you will be purchasing!
Back to telemarketing. Whether outsourced or in-house telemarketing should be part of your plan to ensure that those you directly market to have given consent that meets the requirements of GDPR where need be. Do read the Information Commissioners blog regarding consent Consent is not the ‘silver bullet’ for GDPR compliance
Further reading on the ICO website: Guidance under the current Privacy and Electronic Communications Regulations (PECR) and Data Protection Act as in what you should already be doing!