The B2B Marketing Committee of the Spanish Marketing Association has organized a new webinar under the title “Data privacy policies in B2B”, in collaboration with the FEDE.
Jose Carlos GutiĆ©rrez, president of the FEDE, Federation of Advertising and Communication Companies, has introduced the conference highlighting the importance of privacy policy for both companies and consumers. “As we have seen as a result of the last B2B study, the application of the GDPR is one of the biggest causes of concern for many companies.ā.
In this sense, Enrique Arribas, president of the Spanish Marketing Association, has pointed out that for MKT data protection is consumer protection with a coherent value proposition. “In the association we promote days of good practices to analyze the needs of the B2B sector. Applying the RGPD is a matter of responsibility on the part of companies towards consumers ā.
Under the moderation of the person in charge of the B2B Marketing Committee, Alberto Pastor, the seminar on-line has deepened the application of the RGPD, focusing on marketing between companies (business to business) and analyzing the legal and practical interpretation of this regulation that is being applied by the market and the administration.
Changes to the new regulation for companies and individuals
The day started with an analysis by JuliƔn Prieto Helgueta, deputy director general of the General Data Protection Registry on the changes that the new regulations have entailed. In the first place, Helgueta has called for companies to implement a preventive plan with the aim of helping to implement the regulations so as not to apply extreme solutions such as opening a sanctioning file.
From the Data Protection Agency they warn that the scope of application of the data protection regulations, reaches any personal data and its treatment managers not only in Spain but also in the European Union, a substantial change with respect to the regulation 2007.
Regarding the novelties, the regulation is based on two novel principles. As Helgueta explains āWhat changes is the principle of proactive responsibility (accountability), not only must the norm be complied with, but it must also be demonstrated that it is fulfilledā. Another aspect that changes is the approach to risk. “What was previously regulated by the regulator is now left in the hands of those affected and given a very important flexibility to process the dataā. In this sense, the figure of the DPO (data protection officer), the data protection officer, in each company: the person designated to supervise compliance with the regulations and advise on this matter. Companies have to address new rights, such as data portability and limitation of treatment.
From a legal point of view, Alejandro GarcĆa del Valle, lawyer at Riestra Abogados, has analyzed how the regulations are consolidated and what aspects companies are most concerned about. “In the Marketing departments there was a lot of concern about the new regulations and the first big question was the use of databases. To this day, 3 years later, the RGPD is still an accessory activity, it is seen as something that must be fulfilled and forgotten. Database owners must adopt a different attitude to the previous regulation, but it is still difficult for them to take the risk approach and proactivity to enforce it.āHas stated Garcia del Valle.
From Riestra Lawyers They call on companies to analyze the risks and comply with the new regulations before starting a project. “You have to be very clear about who are in charge of ensuring compliance with the regulation and it is a figure that is not yet delimited in many companies. It is necessary for the professionals who are dedicated to this field to have training for companies and marketing departmentsā.
From Riestra Lawyers warn that before carrying out promotional actions, users must be duly informed, “the new regulation is more guaranteeing for users and agencies and advertisers must be clear about how to capture this dataā.
The GDPR applied to advertising: greater control to protect the consumer
Marta Ayed, Director of Digital Development at Self-control, has explained how advertising self-regulation is being carried out in Spain. In this sense, he has pointed out that the AUTOCONTROL Advertising Code of Conduct binds all the companies adhering to the Association that undertake to comply with its rules and submit to the Advertising Jury, which is the body in charge of compliance. “In addition, Autocontrol applies 21 sectoral advertising codes of conduct and this allows the public administration to count on us to comply with the regulationsā.
At Autocontrol, the first Code of Conduct approved and supervised for the advertising sector by the Spanish Agency for Data Protection (AEPD). A code that provides the sector with a mechanism for the alternative resolution of data protection claims. “The process to resolve claims consists of mediation, and if necessary, it is resolved through the Advertising Jury. It offers a specialized, agile, low-cost and efficient mechanism for resolving consumer complaints in terms of data protection.ā.
This code improves the reputation and image of the company and the trust in it in the eyes of consumers and authorities, including the AEPD and is also integrated into the Corporate Social Responsibility (CSR) program of companies, reinforcing it, in the field of marketing and data protection.
The RGPD, a paradigm shift for Marketing departments
The day concluded with a presentation by Casilda Lazcano, Delegate of Data Protection in INFORMS, who has pointed out that the new RGPD has meant a paradigm shift for companies. “With regard to marketing actions, the advertising exclusion systems should be highlighted, before doing any action with the user there must be a data cross with the Robinson listāLazcano explained.
Lazacno has also ensured that for a marketing campaign what applies is the Law of Services of the Information Society and Electronic Commerce “this law has not changed anything. In this sense, the sending of advertising or commercial messages by email is allowed to those users who had previously requested or expressly authorized it. However, the sending of commercial communications is allowed to those users with whom there is a prior contractual relationship, in which case the provider may send advertising about products or services similar to those contracted by the client.ā.
In any case, the provider must offer the recipient the possibility of opposing the processing of their data for promotional purposes, both at the time of data collection and in each of the commercial communications addressed to them. The Law also obliges service providers to enable simple and free procedures so that recipients can revoke the consent they have given, as well as to provide information accessible by electronic means on said procedures.