GDPR: The death of telemarketing?

An expert panel at a recent Computing event discuss whether telemarketing will still be possible once the GDPR comes into force

Will the impending General Data Protection Regulation (GDPR), which brings with it the need for consumers to 'opt in' to marketing messaging, spell the end of telemarketing?

That question was debated by an expert panel at Computing's recent Enterprise Security and Risk Management summit.

Erik Vynckier, board member at financial services firm Firesters Friendly Society, explained that his organisation is already demanding opt-in for its marketing activities.

"We made an active decision pre-dating GDPR that we'll ask for consent for all marketing," said Vynckier. "We are most likely missing sales because of this in all liklihood, but we rate our reputation more highly than making new sales. So we made a strict decision to have active consent before any marketing of our own or of third-party products. THe only thing a client sees otherwise is communication around what he has already bought, unless he's proactively accepted additional marketing."

The panel earlier argued that GDPR compliance is not an IT project.

Paul Edmunds, head of technology, at the National Crime Agency (pictured), said that telemarketing is becoming less common due to a variety of factors, only one of which is the GDPR.

"There's a general trend away from telemarketing towards internet-based marketing anyway. GDPR is another thing which makes telemarketing harder, but there are other factors hammering bigger nails in that coffin. The whole point about GDPR is it's about taking a different attitude towards personal data, that data is the oil of the new economy, and the laissez faire attitude to data that lots of individuals have had will change. Companies will see data as a precious resource. That thinking is embodied in GDPR legislation," argued Edmunds.

He continued, stating that the GDPR will force organisations to better manage their data.

"It's about having sufficient controls in place," said Edmunds. "The thing about the high level of fines coming into play is it will focus people's attention on it, especially at a board level. You might be able to push through some of the controls because of those fines."

Grant Clements, princpal consultant, cyber security, at CA Technologies, said that many firms are only starting to think about GDPR now.

"In CA we have lots of conversations with customers who only now are starting to take GDPR seriously. They're starting to panic. I'm wondering whether that's part of a broader trend," he added.

Edmunds agreed. "It has been ignored, but now people are starting to talk about it more," he said.

Vynckier argued that bringing the fines,which are up to four per cent of the annual turnover of the parent company, to the board's attention could be a good way to secure its backing.

"Mentioning the fines is a good way to focus the board's mind."

The GDPR will come into force in May 2018, and will apply in the UK irrespective of the UK's membership status within the EU.

Computing has compiled a list of resources to help organisations and IT professionals prepare.