If an organisation holds customer information then data protection legislation must be adhered to. Having access to customer information can be valuable for marketing purposes but it is important to make sure you are staying on the right side of the law when using this data.
Data protection law was introduced to ensure an individual’s right to privacy whilst also allowing an organisation to use existing data for business purposes. The Data Protection Act 1998 came into force on 1st March 2000 and must be adhered to by all businesses using or holding customer data.
Data protection law applies to any situation where an individual within an organisation processes personal data. Any employee who decides what personal customer information should be processed and why can be defined as a data controller.
Personal customer information, or personal data, refers to information which relates to a living individual who can be identified from that data. Organisations may process personal data when, for example, a customer places an order. This information qualifies as personal data and must be treated in accordance with the Data Protection Act 1998. As well as customer data, organisations may also process employee, supplier and business contact information, all categories which are covered by the same legislation.
Data protection legislation applies when customer data is processed, generally considered as being recorded on a computer system or a paper filing system. The term ‘processing’ covers virtually any way in which personal data can be used, from collecting the data to storing it, using it and destroying it.
It is imperative that data should only be obtained for specified and lawful purposes, for example, obtaining a customer’s address details because they have placed an order. The Data Protection Act 1998 states that data should be adequate, relevant and not used for purposes outwith those for which it was initially gathered. This means if you want to use customers’ personal information for marketing purposes, you must first gain the customers’ consent.
Data must also be accurate and, where necessary, kept up-to-date. There are also timeframes within which data should be stored and data should not be kept longer than is necessary for the purposes it was processed.
It is also important that data is stored safely, especially when considering that a customer’s personal banking data may be held by an organisation. Businesses are responsible for ensuring that suitable technical and organisational measures are taken to ensure data cannot be used in an unauthorised or unlawful way.
This may simply translate as having password protection on systems where customer data is held, or it can be more complex, depending on the organisation, the software used and the data stored.
In terms of database marketing it is also essential that an organisation does not pass customer details on to other companies for marketing unless the customer has agreed.
Paul Buchanan writes for a digital marketing agency. This article has been commissioned by a client of said agency. This article is not designed to promote, but should be considered professional content.