In recent research of over 1,000 British companies, it was found that just 20 per cent of businesses said they have started planning for multiple possible outcomes from the Brexit negotiations. The research, Beyond the Cloud: UK Technology Research 2018 carried out by ServiceteamIT and Doogheno also showed that 45 per cent had no plan to make adjustments, with 35 per cent saying they now recognise the need to start planning.

For all that has been written about Brexit, and the ongoing debate whether its right or wrong reality is that the Government has already triggered Article 50 and the end of March 2019 we will leave the EU. And this will impact business. This may be with a long transition period or it may be an abrupt break. Potentially we will still have frictionless trade with the EU and have access to new trade deals around the world, however, it is highly likely that whatever the outcome it will be disruptive to business. While only 10 per cent of survey respondents felt that Brexit has already had an impact on their business so far 31 per cent believe it will be the biggest signal external cause facing their business in the next year.

No one can be clear at this point of what the outcome of the Brexit negotiations will be, from the wildly optimistic to the doomsayers predicting food shortages and planes being grounded. But businesses need to cut through the conjecture and look at the possible realities they could be facing.

Norway Style Brexit – the UK effectively remaining a member of the EU without influence and voting rights, still working to EU law, accepting freedom of movement and having frictionless trade with the rest of Europe. While technically this would be delivering Brexit based on the terms of the referendum it would be very unpopular with many leave voters and it is unlikely that the Government will pursue this approach as it crosses multiple of the red lines set out for negotiation.

Bespoke – The Government’s preferred Chequers solution is to have a deal like no other country given our unique history and relationship with the European Union. This outcome is the hardest to negotiate and while there has been some agreement there has been frustratingly slow progress in the negotiations, with both sides feeling that the other is being unreasonable. It is highly complex having to untangle decades of legislation and even if a broad stroke agreement is reached it will take years of additional negotiation to define and agree on all the elements. The Government is under considerable pressure to not have an extended transition period from within its own ranks but an extended period would be needed to minimise the possible impact on business and citizens of both the UK and the EU. It is becoming increasingly likely that not all the terms could be agreed before the end of March 2019 so there may be an extended transition period where the UK would abide by EU law even though Britain would not be a part of the EU. This would free the UK to open trade deal talks with other countries while having space to plan an orderly exit without it being likened to falling off a cliff. For business, this would mean a smoother transition but it would also extend the period of uncertainty about what rules and regulations they would need to operate under and hamper planning for the coming years.

Canada plus plus plus deal – (modelled on the 2016 deal EU-Canada Comprehensive Economic and Trade Agreement (CETA) that took 7 years to negotiate)
Favoured by the Brexitiers as it achieves most of their wishes; it removes 99% of the trade barriers but it is not built around the single market and require additional regulation. But there are many exclusions still making it hard to trade with the EU. And it doesn’t resolve the Irish border issue.

No Deal Brexit – If the UK and the EU fail to come to any agreement, then there is a high possibility of a no deal Brexit or hard Brexit. In this worst-case scenario, the UK would have no access to the EU market, there would be no recognition of mutual laws and regulations, the UK would fall back on World Trade Organisation tariffs and the UK would be the only country in the world without a single trade deal. If a no deal Brexit is looking likely then it is possible that the UK and the EU may agree to extend the negotiation time. As no deal would impact both parties, and negotiations are moving in the right direction all be it slowly, this is becoming an increasingly likely scenario. While it will ultimately allow for a better outcome it does also mean an extension to the period of uncertainty which will result in a decision making paralysis for many businesses.

Restart the whole process – There are growing calls for a second referendum, or a people’s vote, on the final deal. It is possible that parliament may not have the stomach to pass a deal which they know is not in the best interest of the country and defer their decision making again to the people of the country. This could be in the form of a second referendum or a general election. At the time of writing this outcome is highly unlikely but if voting changed in line with the current projections it could result in business as usual with Europe, although the political fallout would undoubtedly be disruptive.

As the final outcome is unknown businesses should now be planning for the worst and hoping for the best.

Not all companies have shied away from being public about their planning Airbus, for example, have said they are starting to stockpile parts which are normally just in time, 50 London-based banks have approached Eurozone banking regulators about relocating key services and BMW have said they may have to stop production entirely in the UK. While some of the statements by business have been politically motived, such as Amazons warning about civil unrest within 2 weeks of Brexit, much of it is industry experts understanding the full impact of the disruption to their businesses.

To provide some clarity the UK Government is releasing guidance to business and citizens about the possible impact of a no deal Brexit. The EU has already issued 60 preparedness notices that layout its position if the negotiations result in no deal. The effect of the no deal positions is far-reaching, covering aviation, agriculture and industry sectors including technology. Every industry should be preparing for each outcome. The impact on technology used across all industries goes from the fairly trivial such as revoking .eu domain names too far more complex, such as the transfer of EU citizens data to a third country. In the event of a hard no deal Brexit the UK would become a third country at the end of March 2019. And while GDPR would be incorporated into UK law the European Commission would need to make an Adequacy Decision for data to be transferred to and from the UK, meaning that it considers that the third country in question ensures an ‘adequate’ level of data protection. This would not be guaranteed and it certainly would be instant.

Understanding the potential impact of such rulings is the responsibility of business both in the UK and the EU and it should be undertaken immediately.

I am a Brexit Advisor for Enterprise Nation covering marketing, so if you want to discuss this let me know.

Part of our work here at Doogheno involves sending B2B emails for our award winning Account Based Marketing campaigns.  Sometimes it’s for ourselves, sometimes it’s for our customers, such as a large survey we do every year with a company called ServiceteamIT.

Most people respond well.

Some don’t.  Some say you have no right to send me an email, you are in breach of GDPR, and some are even less polite than that.

But the simple truth of the matter is that in the UK, you can still send cold B2B emails.

GDPR makes no distinction between a personal email address and a business email address.  However, UK law does; it is this differentiation that allows companies to still email other businesses, primarily for marketing but in this instance, an invitation to take part in the research. This is because PECR, which is the electronic communications regulation that has been in place for many years and last updated in 2015, has not been replaced by GDPR or the 2018 Data Protection Act in the UK and allows for contact without consent.

However, GDPR does introduce legislation that means that outreach emails can only be sent under certain circumstances and that this communication needs to still be compliant.

There is a legal basis for sending business-to-business email which is called Legitimate Interest.  Currently, this allows for business-to-business emailing where the recipient has not given consent to the processing, providing a legitimate interest test has been carried out and passed, and the sender recognises and respects the rights and freedoms of the recipient, such as responding to their request and actioning the request.

The legitimate interest test is made up of three parts: Identification of a Legitimate Interest, a necessity test ad a balancing test.  In the first part, we look at if the recipient is likely to find the information relevant to their job function, in this case, it is a survey that will be used to provide insight into UK technology adoption and made available after anonymisation, which is reasonable to believe will be informative to the recipient.  The second part of the test covers necessity, and we ask if there is another way we could reasonably communicate this information.  And the third part looks at balance: do your rights as a data citizen outweigh our need to send the information, as we recognise and respect the recipient’s rights, such as providing details on the basis for processing and giving details of how to stop processing or correct any errors we believe that balance is equal.  This approach is defined by the ICO and is fully compliant with GDPR.

The ICO states that in the case of B2B emails this balance will generally fall on the side of the sender but obviously, don’t send irrelevant information to the wrong people.  If you are sending relevant information to someone who it is reasonable to believe will find that information of value and interest then you should be ok.

From the ICO Guidelines

“142. These rules on consent, the soft opt-in, and the right to opt-out do not apply to electronic marketing messages sent to ‘corporate subscribers’, which means companies and other corporate bodies eg limited liability partnerships, Scottish partnerships, and government bodies. The only requirement is that the sender must identify itself and provide contact details.”

“145. In addition, many employees have personal, corporate email addresses (eg firstname.lastname@org.co.uk), and individual employees will have a right under section 11 of the DPA to stop any marketing being sent to that type of email address.”

And the ICO Guidance on PECR

“Although the Data Protection Act 1998 (DPA) only protects individuals, PECR apply to any direct marketing by phone, fax, email or other electronic means. This means that PECR protects companies and other corporate bodies from unwanted marketing, as well as protecting individuals.

However, there are different rules for marketing to corporate bodies and marketing to individuals. PECR place fewer limits on marketing to corporate bodies – but there are still limits.”

“The rules on marketing by email or text are different. The only obligation on the organisation sending the email or text is to not conceal their identity and must provide contact details.

There is no right to opt-out, or to register with a preference service. However, it is still worth asking an organisation to stop sending you marketing emails or texts. Most organisations will not want to waste resources or risk their reputation by sending unwanted messages.

Individual employees with personally identifiable work email addresses (eg firstname.lastname@org.co.uk) can, however, make a written request to stop receiving marketing emails under s11 of the DPA. Organisations must then stop using that email address for marketing purposes within a reasonable period.”

https://ico.org.uk/for-organisations/marketing/the-rules-around-business-to-business-marketing-the-gdpr-and-pecr/

https://ico.org.uk/for-organisations/guide-to-pecr/electronic-and-telephone-marketing/electronic-mail-marketing/

https://ico.org.uk/media/for-organisations/documents/1537/companies-receiving-unwanted-marketing.pdf

And if you found this article of use you will be interested in http://doogheno.com/2018/03/29/gdpr-sales-marketing-a-practical-guide/

In preparing for compliance, companies have tended to focus on how they hold and store current data. They have not given much thought to the impact of GDPR on day to day operations. Your company should already be a long way down the line with its preparation. This paper is not intended for Data Controllers within an organisation or to advise you on how to ensure you are ready across your company for GDPR, it is intended as a reference source for the people handling data subject information within your sales and marketing departments.

The introduction of GDPR will impact every area of business, sales and marketing in particular, as it brings with it a requirement for a new level of responsibility. New data collection and the use and storage of data within departments have tended to be overlooked. This short paper looks at the specific practical implications of GDPR on sales and marketing. Every Information source on GDPR details the very high fines that accompany the new regulations, up to €20 million or 4% of global turnover. This alone should be enough to focus your mind on conforming to the regulations, and we believe that if you follow solid principles and best practice, your business will be able to achieve compliance and avoid incurring fines. Throughout this paper, it is assumed that the companies involved are working in the B2B space within the UK. We also assume that you have already had a look at the GDPR regulations that will be coming into force in May. General Data Protection Regulation (GDPR) comes into effect on the 25th of May, 2018.

What is your risk?

It is unlikely that your company will be picked for an audit, so for sales and marketing, the highest risks within your control are data breach, or being reported by an unhappy contact. Your Data Controller should inform you of what to do in the event of a data breach, and you should familiarise yourself with the process of immediately reporting a breach to them. Being prepared and efficiently handling requests from contacts, to opt out of future communications for example, will minimise risk. But this is not an excuse to be complacent, one complaint could be very disruptive to your business and lead to a damaging fine. GDPR might feel frustrating but it is for the benefit of us all as it protects how our personal data is being held and used. It is good practice to treat every contact with the same security and diligence with which we’d expect our credit card company to treat our own personal data.

The General Data Protection Regulation (GDPR) is a ruling intended to protect the data of citizens within the European Union. The GDPR is a move by The Council of the European Union, European Parliament, and European Commission to provide citizens with a greater level of control over their personal data. This applies to the UK and will not be affected by Brexit.

The basic principles are:

Lawfulness, fairness and transparency Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject

Purpose limitation Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes

Data minimisation Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed Accuracy Personal data shall be accurate and, where necessary, kept up to date

Storage limitation Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed Integrity and confidentiality

Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

Accountability The controller shall be responsible for, and be able to demonstrate compliance with the GDPR

If you are new to GDPR I recommend that you read the Information Commissioners Office Guide https://ico.org.uk/for-organisations/guide- to-the-general-data-protection-regulation-gdpr/

As we are looking at the specifics of job functions we are only working with the main points that you should be aware of. This guide is intended to enhance your knowledge and allow you to apply it to your job role.

The Basics
…the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”

GDPR requires the sending party to justify that a communication is in the legitimate interest of, and does not risk the privacy of, the individual concerned. The following of a three-step process, a Legitimate Interest Assessment, is required. This assessment should be recorded and attached to the record in the CRM in case it is required at a later date. Details of your legitimate interests must be included in your privacy notice.

1. Identify a legitimate interest. Sending a sales email to a person within a company who has decision-making responsibility for specifying and purchasing services that you sell would be a legitimate interest.

2. Is it necessary? Could this communication be achieved by another means? The business objective could determine necessity.

3. Strike a balance. Do the recipient’s rights override the sender’s interests in sending the email?

Legitimate Interest Legitimate interest is already reasonably well established and understood, as it is the basis for unsubscribe links. Any contact can object to direct marketing and this principle still remains. In most instances, Legitimate Interest will be used as legal grounds for marketing activity. But this does not give marketers carte blanche to continue the practices they have used previously.

If you want to read the rest of this guide download it for free from here