How to keep on the right side of data regulation

With new laws in the offing and regulators getting tough on data usage and digital advertising, brands need to ensure their marketers understand the changes to avoid hefty penalties.

Phil and Dan
Mondelez was rapped by the ASA in 2014 for using vloggers Thomas Ridgewell (image below) and Phil and Dan (above)

The size of the digital marketing opportunity for brands is vast. As the digital sphere expands, the need for training in the regulations surrounding digital technologies, channels and platforms grows too.

Protecting the consumer is certainly of utmost importance for regulatory authorities in the UK and the rules are growing tighter all the time. The Advertising Standards Authority (ASA), for example, has recently begun cracking down in earnest on digital advertising formats such as sponsored videos and ‘native advertising’ that fail to make commercial relationships with brands clear.

Paid-for articles produced by The Telegraph and Buzzfeed for Michelin and Dylon Colour Catcher, respectively, have been censured since last December. In 2014, Mondolēz similarly breached rules by using YouTube vloggers in its ‘Oreo Lick Race’ campaign, without clearly identifying the content as advertising.

Meanwhile, the EU’s General Data Protection Regulation (GDPR) promises more challenges for brands as regards training marketers in their legal responsibilities.

Penalties for breaching consumers’ data rights are set to become harsher, with companies facing fines of up to 4% of turnover. Other notable changes to existing law, such as the ‘right to be forgotten’ and the need for brands to have ‘unambiguous’ consent for data collection, data usage and marketing will require careful preparation in time for when the GDPR comes into effect in 2018.

Education for evolving fields

“As marketing professionals, it is important we do not abuse the information that we now have at our fingertips and that philosophy runs through everything we do,” says Elly Cockcroft, head of marketing at Marylebone Cricket Club (MCC). “The explosion of data-driven marketing inevitably means that it becomes open to abuse and that in turn fosters the need for stricter regulations and guidelines.”

Cockcroft welcomes the forthcoming GDPR as it provides the necessary modernisation of the principles of the previous regulations. “At MCC, it is the joint responsibility of legal, IT and marketing to implement the relevant security measures,” she explains. “Educating the team is critical to ongoing compliance so internal training, as well as potentially the use of external experts, will be given to anyone who handles data on a daily basis.”

The strategy at the MCC has evolved over recent years so that the brand is more conscious than ever of the need to be cautious in its approach to data-driven marketing. Cockcroft says the focus is on the need to respect the rights of the individual whose data is being processed and ensure it is compliant.

“We would work with our external agency and our legal and IT team to help keep us on track with changes to data protection regulations,” says Cockcroft. “These sorts of subjects can be particularly dry, so scenario-based training often helps liven things up and keep the training real and therefore easier to absorb.”

James Milligan, solicitor at the Direct Marketing Association, advises: “Brands should be using the next two years to do their own internal investigations and find out what impact the [GDPR] changes are going to have on them. Then work out their own implementation plan and make sure the appropriate staff will be advised of the changes.”

Where the ASA is concerned, brands need to make clear whether there has been any payment or the advertiser has any editorial control, and to do that before consumers engage with the content, ensuring they are not misled. However, the often-fuzzy lines that define native content are a potential headache for brands that operate in the digital sphere.

Richard Lindsay, director of legal and public affairs for the Institute of Practioners in Advertising (IPA), comments: “It is fair to say that the ASA has struggled to find a way of applying these transparency rules to the world of blogs/vlogs and native advertising. It’s not easy sometimes to see what’s on the right side of the line and what is not.”

At loyalty brand Nectar, all staff from the receptionist up to the CEO are trained in evolving regulation. The training aims to recognise that people understand information in different ways. The company uses a range of different tools such as online training modules and engaging films in the style of Virgin Atlantic safety briefings.

As well as these online assets, there are modules delivered by the brand’s marketing agencies, both formal in style and the more informal ‘cupcake and learn’ sessions, where speakers focus on bringing dry content to life. The ‘talent and culture’ team interfaces with the legal team in a bid to create training that is engaging and relevant.

“We are only going to see more and more evolutions of regulations as authorities try to keep up with developments in advertising and marketing, and try to protect customers,” says Will Shuckburgh, managing director at Nectar UK. “The way we deal with that is by not thinking of it so much as training: we take the principles of marketing and make sure that people are really engaged in that information.”

Nectar says the brand is driven by its ‘TACT Principles’ – transparency, added value, control and trust – which help it stay on track with the ability to have a dynamic conversation with customers and keep legal. Shuckburgh believes that pursuing a proactive strategy will help the brand adapt to recent changes as well as those ahead.

“Some of the regulations on vlogging guidelines are really just a natural reflection of what we would apply to our TACT guidelines, for example, where transparency is key.”

Direct Line runs compulsory training for marketers on key regulatory issues

Customer culture

‘People-powered’ mobile network giffgaff believes being audience-centric goes hand-in-hand with keeping on the right side of the regulations. The whole brand proposition is about delivering an improved customer experience and making it easy for those customers to share that experience with others.

Alison Esposti, head of acquisition at giffgaff, refers to it as a “frictionless experience” – meaning that the first metric its marketing is measured by is consumer satisfaction.

Giffgaff displays a confidence about meeting the requirements of the GDPR in 2018 because of this existing focus on the customer.

“The great thing about giffgaff is that we’re highly member-centric, so when we make decisions we collaborate with our members to ensure we’re doing the right thing by them,” explains Esposti. “When new regulations come about, which have good intentions of keeping people and their information safe, of course we take them seriously but also they are in line with the approach we would choose to take anyway.”

As well as keeping on the right side of data regulation and advertising guidance, giffgaff is careful to keep that focus on the customer top of mind: if it were to overstep the mark by delivering an unclear advertorial, serving an irrelevant message or getting frequency capping of online ad impressions wrong, it would be in danger of delivering a poor experience to those customers and losing them.

The tactic giffgaff is already taking on training for any new advertising or data regulation is regular discussions and updates carried out in close collaboration with its media agency.

“Overall, our view and our media agency’s [view] is that the new data directive is much more all-encompassing and this will have to have an impact on the marketing industry as a whole, with all parties needing to improve best practices in areas such as transparency and consent, as we move to being highly data-led,” says Esposti.

A switched-on brand knows that data compliance works hand-in-hand with data-driven innovation. “We always make it clear what [customer] data will and won’t be used for and many of our data-driven innovations are underpinned by this transparency,” comments Katrina King, head of customer marketing at Direct Line Group. “We need to create win-win situations for our customers, who will be more likely to provide us with data if they can see the benefits to them.”

Currently, the range of training opportunities for Direct Line Group marketers consists of quarterly compulsory policy learning on key regulatory issues, official HR programmes and what the company’s marketing team calls ‘lunch-and-learn deep dives’, all tailored to support awareness of relevant marketing regulations and best practice.

“We like to tailor training opportunities to the individual needs of our people and support them to learn in the way that most suits them,” explains King. “With all the learning and development opportunities available, everyone can find the learning model that works best to meet their needs.”

Today’s consumers, who have wholeheartedly embraced digital technologies into their lives, understand that their banks, credit card companies, government and mobile phone provider know a lot of things about them. However, as the world gets digitally savvier, questions arise as to the value they put on their digital selves and how they feel about their data being managed and sold by others.

The other night, my wife clicked on a quiz app to find out her most used words on her Facebook posts. In order to get that frivolous piece of information, she had unwittingly clicked a button that allowed an anonymous marketing firm to get access to swathes of Facebook data about her and her friends. Did she click ‘agree’ really understanding what that ‘agree’ meant? I don’t believe so, but many of her friends were doing it, which had the effect of providing ‘social proof’.

Data permeates everything that we do in our digital lives and is an intrinsic part of the processes of all organisations. The challenge for marketers is that as people become more aware of what is being done with their data, they are less likely to surrender it without a ‘reward’.

The EU General Data Protection Regulation will bring this into sharper focus from 2018. Companies will require ‘unambiguous’ consent for the use of personal data, with a far greater degree of transparency. Brands will have to develop a simple, compelling story to ensure each consumer first understands and then wants to be marketed to.

To be successful in the new digital world order, brands need to give consumers tangible benefits for sharing their data with them: the ‘give-get equation’. If I, the consumer, give marketers access to my life through monitoring my mobile phone, crunching every nuance of my friends’ and my Facebook feed, I need a worthwhile return. Brands that fail to fulfil their side of the bargain may find their use of personal data coming under increasing scrutiny, as consumers begin to talk about invasions of privacy and breaches of law.

An effective training course on the laws around data use and data collection can no longer be just about the law. It is imperative that the marketer understands the psychology of the privacy relationship, and recognises the need to build this understanding into lead generation programmes, the user experience and the consent management platform. People trust brands, not privacy notices. Build trust in the brand first; the very personal data and profits will follow.

Hide Comments1 Show Comment
  • TDP Marketing 8 Feb 2016 at 10:56 am

    Many of the recent data breaches that the GDPR aims to address in the UK, are often largely the result of lack of corporate definition on data protection guidelines, poor internal security and an absence of data governance of marketing channels that brands have failed to grasp.

    Our self-assessment course for e-Learning on the Principles of the Data Protection Act is guaranteed to raise some eyebrows within any organisation and are a good resource for testing even the most informed data controller within a marketing company.

    Matt Grant

  • Post a comment

Latest from Marketing Week


Access Marketing Week’s wealth of insight, analysis and opinion that will help you do your job better.

Register and receive the best content from the only UK title 100% dedicated to serving marketers' needs.

We’ll ask you just a few questions about what you do and where you work. The more we know about our visitors, the better and more relevant content we can provide for them. And, yes, knowing our audience better helps us find commercial partners too. Don't worry, we won't share your information with other parties, unless you give us permission to do so.

Register now


Our award winning editorial team (PPA Digital Brand of the Year) ask the big questions about the biggest issues on everything from strategy through to execution to help you navigate the fast moving modern marketing landscape.


From the opportunities and challenges of emerging technology to the need for greater effectiveness, from the challenge of measurement to building a marketing team fit for the future, we are your guide.


Information, inspiration and advice from the marketing world and beyond that will help you develop as a marketer and as a leader.

Having problems?

Contact us on +44 (0)20 7292 3703 or email

If you are looking for our Jobs site, please click here