GDPR bites and mail bounces back

It’s been less than three months now since the GDPR came into force. We look at what has happened to organisations caught out by GDPR, what you can do to comply, and some surprising trends with businesses cashing in on its implementation across the EU.

The GDPR is actually good news, coming into being as a response to unscrupulous marketing and data analysis firms  harvesting and selling user data and distributing and spamming EU citizens with unprompted emails, mail and phone calls, without explicit user consent.

  • The General Data Protection Regulation came in 25th May 2018
  • EU wide Data Protection Rules that streamline the way all personal data, of all types, is stored and handled across all EU member states
  • In force in European Union (EU) & European Economic Area (EEA)
  • Addresses the export of personal data outside the EU and EEA

Previous UK data laws, the Data Protection Act 1998 (DPA) and EU Data Protection Directive, didn’t really have much in the way of fines for infringement. In drafting the GDPR, the EU recognised that it needed much stronger legal ‘teeth’, and financial penalties for non-compliance have changed radically with the GDPR, now enshrined in the UK’s own Data Protection Act 2018.

“Fines can be invoked of up to 20 million Euros or 4% of organisation total global turnover, whichever is the greater.”

How does GDPR work to benefit EU citizens?

Let’s take an example. If Joe Bloggs opens an unsolicited email from you that he objects to and hasn’t opted in to receive, he could report you under GDPR regulations. That’s a similar situation as before, but the difference under the GDPR is that far more power now resides with each citizen inside the EU on how their personal data can be stored, handled and processed . The enterprise sending Joe the email is liable for a caution or a fine under GDPR legislation.

In another example, Joe hears in the news that the EU based online dating site he has signed up to has been hacked, and that his personal data may have been stolen. Under the GDPR this report likely hit the news because all enterprises must report any data breach of user data within 72 hours, if they are likely to have an adverse effect on user privacy. Again, the enterprise handling Joe’s data may be cautioned or fined.

What are the fines so far for GDPR breaches?

It was initially thought that the approach of authorities monitoring GDPR compliance would be as it has been in the past, which was to ensure you’re at least working on compliance, and to gently push you in the right direction, rather than impose big fines at the outset.

That’s why everyone is watching the Dixons Carphone data breach reported in June. Even though the breach happened before GDPR came into effect, the data breach was later discovered to have affected a lot more personal records than initially thought. Under previous data protection rules the maximum imposable fine would have been £500,000, whereas under the new GDPA Dixons Carphone could face fines of up to £17.6m (€20m).

The Information Commissioner’s Office, in charge in the UK of looking into GDPR compliance related to data breaches said:

“Dixons Carphone reported a data breach to the ICO in June. The company has now confirmed that the incident affected the personal data of 10 million records, which is significantly higher than initially stated. Our investigation into the incident is ongoing and we will take time to assess this new information. In the meantime, we would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers. We will look at when the incident happened and when it was discovered as part of our work and this will inform whether it is dealt with under the 1998 or 2018 Data Protection Acts.”

The market reacted predictably to the news, with Dixon’s shares having fallen almost 8% since mid June.

But it’s not just about organisations directly hit by data breaches under GDPR regulations. Just ten days after the GDPR came into force, some companies felt the pinch of its effects on their future business. Publisher Johnston Press was one of the first media organisations to take a GDPR related hit, after the group at their June AGM cited the impact of more onerous European privacy restrictions as a contributory factor to a decline in their digital ad revenues. Their overall revenues fell 9% over the first half year.

Apart from the large potential fines, the requirement to disclose any user data breach is a key aspect for all organisations handling data, and where the GDPR is aided in ensuring it has a good chance of getting taken seriously and implemented right across the EU.

What’s ‘personal data’ and who needs to comply with GDPR?

Whilst GDPR requirements might appear onerous for many businesses, it conveniently provides just one set of regulations to comply with. Before GDPR, there were actually 28 sets of rules in place in different EU countries regarding personal data.

The GDPR contains provisions and requirements relating to processing of personally identifiable information (personal data) of individuals inside the European Union. It applies to the processing of the personal data of any person inside the EU by any enterprise established in the EU, regardless of the data subjects’ citizenship, and regardless of the enterprise’s location or even its size.

The GDPR applies as much to sole traders as it does to large corporates. Controllers of personal data within any enterprise must put in place appropriate technical and organisational measures to implement the GDPR data protection principles.

The GDPR assumes data protection by design and by default, which means each process handling personal data must be designed and built with consideration of GDPR principles, as well as providing safeguards to protect that data. For example, ideally all user data should be anonymised, as well as having the highest-possible privacy settings by default. This means that the user data is secure and not available publicly without explicit, informed consent, and cannot be used to identify a subject without additional information stored separately.

The GDPR also says no personal data may be processed unless it is done under a lawful basis specified by the regulation, or unless the enterprises’ data controller or processor has received an unambiguous and individualised affirmation of consent from the data subject. Any person in the UE or EEA (data subject) also has the right to revoke this consent at any time in the future.

Any processor of personal data must clearly disclose any data that has been collected, declare the lawful basis and purpose for the data processing, and state how long the data is being retained, and also if it is being shared with any third parties or outside of the EU.

Data subjects have the right to request a portable copy of the data collected by a processor in a common format, and the right to have their data erased under certain circumstances. All public authorities, and businesses whose core activities centre around regular or systematic processing of personal data, are required to employ a data protection officer (DPO). The DPO is directly responsible for managing compliance with the GDPR. Matthew Lea, Data Protection Expert, Herrington Carmichael Solicitors, said:

“Where you collect personal data of an individual, you are required to provide information such as who you are, how you can be contacted, details of your organisation’s Data Protection Officer (DPO) if you have appointed one, why you are processing their personal data, who you are sending it to, and if you are transferring their data abroad. You also need to provide information on their rights as data subjects, and say how long you intend to keep their personal data for.”

The six legal grounds for data processing under GDPR
  1. Consent has been given by the data subject
  2. Processing is necessary for the performance of a contract with the data subject, or to take steps to enter into a contract
  3. Processing is necessary for compliance with a legal obligation
  4. Processing is necessary to protect the vital interests of a data subject or another person
  5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  6. Necessary for the purposes of ‘legitimate interests’ pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Regarding point 6, you may be OK if you hold and process user data based on ‘legitimate interest’. To see whether this is the case with your data the best way is to assess this using ICO guidance – click here.

What do you need to do to get GDPR compliant?

There are many aspects of business that you need to look at. Most UK organisations have a website and user or customer specific data of some type stored somewhere, whether website or email newsletter registrations, or user data in financial, telephone, email, CRM, sales or marketing systems. Basically anything than can identify a user.

The simple first things you can do relate to your website and any user data you hold. Your website privacy notice can be amended to indicate how your organisation complies with GDPR requirements, as well as the text that goes with websites forms used to collect personal data, such as the ‘Contact us’ forms that many websites have. Another recommendation is to mention that you hold and manage user data in a GDPR compliant way.

You could do this by adding a link to your website privacy notice in your organisation’s standard email footer, which ensures all the people you communicate with directly have access to it.

Here’s a more detailed list of things to be fully GDPR compliant:

  1. Inform your organisation internally about GDPR
  2. Website privacy notice – create or update your page(s)
  3. Cookies – sort out your website cookie control and policy
  4. Forms – update client enquiry, email news and lead capture
  5. Records – record the user ‘opt-in’ process
  6. Campaign pages – GDPR compliant landing pages
  7. Improve your security around all your user data
  8. Consider GDPR compliance software and data insurance

Cashing in on GDPR

On the flip side, companies are also legitimately capitalising on the GDPR, sometimes in surprising and interesting areas.

Confidential waste specialist Russell Richardson has geared up to make life easier for businesses beefing up their data protection processes in line with GDPR. As shredding, archiving and recycling experts, they brought in a  multi-tasking mobile shredding truck which they have taken out on the road. Their massive mobile shredder can deal with up to 2.5 tonnes of confidential paperwork an hour at a client’s premises, and can destroy data-packed computer hard drives, CDs and memory sticks in seconds.

“Some companies used to throw whole computers in a skip with the hard-drive still in place. Now GDPR has imposed tighter rules, we scaled up to help companies who have to take extra care of their data. We’re seeing an increase in customers who prefer to witness on-site the certified destruction of data stored on computers and tech devices.”

Most enterprises with big customer and partner email databases have sent out individual special ‘opt-in’ emails to all of their users, to make sure they are GDPR compliant. Other smaller companies have just ditched their email or CRM contact databases, deciding that filtering them all for GDPR compliance is just not worth the hassle, or that continuing to send emails out to their whole contact database is now just too risky.

One interesting aspect of GDPR relates to mail, which may have an advantage versus electronic communications in meet conditions for what the GDPR calls ‘legitimate interest’. In this case you don’t need specific user consent for future postal marketing. This means that, despite higher mail costs versus email and electronic communication, many enterprises are now seriously reconsidering the option to post selected information direct to their customers.

Direct mail and print companies are also beginning to benefit from GDPR for the same reason and, after decades of decline in mail volumes and as we don’t now get much mail, it is likely to become very attractive to marketers to use mail to gain awareness of company products and services to customers.


The bottom line is that the GDPR is here to stay, and isn’t going to go away. “What about Brexit?” you might ask. Well, even though the UK voted to leave the EU, the Government decided we would still comply with the GDPR, and you have to follow the regulations.

So, instead of hoping to get around it, if you really haven’t yet got to grips with your obligations under the GDPR, see it for what it is. An opportunity to tidy up all of your customer data and mailing lists, consolidate them all into one secure system or location, and to implement systems and processes to ensure that all of your data related to individuals is stored, managed and processed in line with GDPR requirements.

The good news is GDPR means a lot of the spam emails and unsolicited calls and mail you used to get will disappear. You’ll also likely start getting targeted mail through the letterbox too, that is better designed, more interesting and useful to its recipients. As this happens, consumer confidence in communications from organisations will steadily rise, email open rates and click rates will improve and mail response will increase, as people only receiving information and offers from the companies they like and trust.

That can only mean that being part of the GDPR solution, rather than against it, is good news for future business communication.

Supercharging the speed of business

What if you could have your own motorway lane to get to work and then drive at whatever speed you wanted, rather than fighting with all of the other commuters for lane space and suffering all the usual speed restrictions.  You’d probably jump at the chance.

Fighting for space, what you experience going in to work every day, is what it’s like for millions of business users, employees and partners with poor internet speeds.

Internet speed is holding back British business

Let’s be honest, what was fast internet access a few years ago is pretty slow today. We’re all used to our new mobile moving to the latest ‘G’ when we upgrade every two years or so, and then suddenly we can see live streamed footage of our favorite sports team, seamlessly, in high resolution. So why hasn’t business kept up with high speed internet at the same pace?

These days high speed exchanges feed broadband internet into most UK towns and cities, and the UK now has 95% coverage for broadband with speeds of 24 Megabits per second or higher.  However, many  businesses are stuck at the mercy of the rickety old telephone wires that are limited in the speeds they can support. If it’s copper wires that link a business premise to the high speed exchange cabinet, which might even be miles away, then this can create grindingly slow broadband connections for staff.

For fast, reliable business broadband,  a full fibre optic cable connection is required. Fibre is capable of delivering Gigabit speeds, and one Gigabit is 1,000 Megabits, so it’s a big leap forward in connection speeds that could benefit you and your business into the future. But the key challenge for most smaller businesses has not so much been the cost of Gigabit speed line rental, but the high cost of installation of this type of high speed line to their premises.

UK Government Gigabit Broadband Voucher Scheme (GBVS)

Launched in March 2018 the GBVS is a £67m UK government fund that currently runs until March 2019. GBVS is a grant contribution to pay towards upgrading broadband to a high-speed Gigabit capable connection. To put it in context, to stream an HD movie you would need a connection speed of about 5 Megabits per second (Mbps), so with a 1 Gbps line up to 200 people could watch an HD movie simultaneously . Full fibre also supports symmetrical connections – meaning your upload and download speeds can be the same.

Most UK small and medium sized organisations, in all sectors, with 1 to 250 employees and less than £50m turnover, could be eligible for a GBVS grant of up to £3,000. This grant can be used to help pay for a high speed broadband connection as part of a group project, or directly to a single business premises.

This is how the Gigabit Broadband Voucher Scheme works, managed by the UK Government Department for Culture Media and Sport.

UK Government GBVS Gigabit Broadband Voucher Scheme

  • Find out if you are eligible for the GBVS scheme – click here
  • Find out how NUCO International has benefited – click here

Why high speed Internet is crucial for your business

Mobile devices are actually part of the problem many businesses now have. New faster mobiles and BYOD (Bring Your Own Device) programs, supporting workers’ own and business smartphones and tablets, incrementally grow the demand for Internet bandwidth. More people and more high speed Internet-linked devices in your company simply soaks up your limited bandwidth, and also the speed that bandwidth can deliver when accessed almost all the time. And it’s the same effect whether people are connected to your internet by cable, or using company Wi-Fi to manage business requirements on a PC or mobile.

At home, the lack of a high speed internet connection may be frustrating, with occasional breaks in your movie or the ‘spinning wheel of death’ as content buffers. But, with your business, slow internet speed is a potential future killer. It’s not just the lost productivity, when your staff can’t upload and download files they’ve been sent on email quickly, it’s the lack of options you then have to make your staff more productive, and to collaborate with each other more easily.

Don’t despair, here are just five of the opportunities that businesses with high speed Internet can make the most of straight away, today:

Cloud computing applications

Most people have heard of this and examples of cloud computing are things like mobile email, social media and Spotify that we all use at home. But, in business, growth in cloud computing services and resources can keep your employees more focused and more productive. For example they could use products like Microsoft’s Office 365 to access meeting details, contacts or emails on their laptop or mobile, or contribute to a team conversation via an online project site. And all of this information and data is synchronised in real time in the cloud, inevitably requiring a consistently fast connection to the internet. The longer the response time from an outside resource, like a cloud based Customer Relationship Management (CRM) system, the more that users can waste time and lose focus on their business task at hand. Since the number of applications hosted by cloud providers have jumped a hundredfold in the last five years, companies need to upgrade their Internet connections urgently to maintain quick response times, and so their staff can interact and contribute rapidly, and remain constantly productive.

Big emails and multimedia websites

These days businesses rarely send the two or three line emails of old. Email has become a lot more visual, and photos and graphics have become part of almost every message, helping to share ideas and better explain the wider concepts of projects. They say a picture is worth 1,000 words, but a 500 page document written in Microsoft Word is about the same size as one email picture attachment. Not only that, but modern websites have abandoned pages of text for shiny new websites with photos, logos, banners and, increasingly, high resolution videos. All of these inevitably require far more bandwidth, in order to avoid longer load times to view them. Video streaming takes even more bandwidth. Few will notice the speed loss when one or two staff click on the latest video on YouTube. But when you’re talking about streaming business webinars, as well as streaming instructional videos or online courses, your bandwidth can disappear in a hurry and other important work using the internet can very soon slow to a crawl.

VoIP telephones

VoIP stands for Voice over Internet Protocol. It has become the dominant technology as businesses have brought in new VoIP phones to replace older landline systems. There are many great reasons to switch to VoIP, including things like caller recognition, but each VoIP conversation takes about 100Kb of bandwidth each and every second. If your company has just a few employees then that’s rarely a problem, but if you have 20 staff on the phone at any one time, you could easily max out all of your upstream speeds on most common business Internet plans. Without the right speed connection, call quality and data traffic also both suffer. A high speed Internet connection requires an ample supply of upstream bandwidth to maintain high-quality, real-time VoIP conversations, but high speed fibre connection services will have carrier service level agreements in place to provide and guarantee these high quality voice connections.

Video conferencing

When every company is looking for ways to increase the pace of their business by improving collaboration, whilst at the same time reducing travel time and costs, it is no surprise that video conferencing has become a lot more popular. With many low cost video conferencing products now available, the lure to push a button rather than book a flight for business meetings is very strong for both business team managers and accountants. It’s easy to understand why more businesses are moving to video conferencing every day, and high speed Internet service means better video meetings and increased staff productivity. But since images require a lot more bandwidth than text, streaming video consequently demands plenty of Internet bandwidth. Slow Internet speeds mean bad meetings, broken connections and frustrated staff, especially if some contributors  in a different global location have got up specially to attend the video meeting.

Protecting your valuable data and files

Beyond basic local file backup, all companies recognise that backing up data offsite simplifies business continuity and disaster recovery planning. With more high resolution video, photos and diagrams, the amount of data backed up is constantly growing. Backing up their data using a slow Internet connection creates lots of problems, even if backup is scheduled to run overnight. High-speed Internet connections make rapid, complete backups possible, protecting your critical data and ensuring your business can continue, even if you suffer a data loss due to equipment failure, disaster or data theft. As of May 2018 there’s also the GDPR regulations to consider, where you need to make sure that any data that you hold on individuals is securely held, processed and backed up in line with stringent regulations that apply to all sizes of organisation.


Few of us would also have guessed at half of the devices that have arrived over the last ten years that use an Internet connection. Who knows what web-enabled bit of kit might hit the market next, especially with the Internet of Things?

Wouldn’t it be a crime if you couldn’t download that critical business email attachment simply because your Internet-enabled fridge was doing the drinks stock-up order at an online supermarket?

But, seriously, if you want to remain technologically fit for the future then the lack of high speed broadband could become a life threatening barrier to your business efficiency, or it could drastically limit your planned growth and success.

Get Gigabit speed connected. Find out about the GBVS today here.

Advertise with LinkedIn video

You may have seen company videos appearing on LinkedIn recently. With the right video content, brands can now use sight, sound and motion to tell compelling stories, and drive deeper engagement on LinkedIn feeds and individual and company updates.

LinkedIn update results tracking, introduced in May 2015, allowed marketers to track how their LinkedIn updates matched with their website traffic. Video was the obvious next step, and video for individuals launched on LinkedIn in August 2017, and the results achieved by early adopters of video on the popular business social media platform have been very encouraging.

As of July 2018, LinkedIn launched video for their Sponsored Content and Company Pages. This is no surprise because, in a busy world, we’d all rather watch an interesting video rather than read through even a short amount of text and then click on a link to find out more.

In 2017 there was a 17% growth in the use of video by businesses globally, and that’s not a huge revelation given how easy it is to create sharp, high resolution video these days. We’ve all seen those adverts during the World Cup encouraging us to be film producers on our iPhones (other phones with video facilities are available).

The barrier for entry when it comes to video creation has been dramatically lowered by the advent of these high-res smartphone cameras, inexpensive accessories and simplified mobile, laptop or cloud editing software.

Creating LinkedIn video ads

81% of businesses are now using video as a primary marketing tool, and marketing departments in all sizes of business can now create quality video content without needing the sort of specialised resources and post production video editing that was once required.

With the cost to entry being so low, it’s almost a question of ‘why wouldn’t you?’ rather than the other way around. However, independent filmmaker C. Mason Wells hit the nail on the head when he was asked about the greatest challenges in cinema today. He said:

“The act of making movies has never been easier, but getting people to care about them has never been harder.”

This is certainly a lament that rings true in the world of video marketing. But, as with any type of content in our highly saturated digital environment, the struggle is to both find and captivate the right audience for your products or services. This has been especially true for B2B marketers, who haven’t had an ideal platform for sharing and amplifying their business-related videos. Whilst most marketers use YouTube or Vimeo to host their B2B videos, they rely on search for these on the video channels to drive traffic to their website and to encourage customers to buy what they sell.

Until now. There is no doubt that all B2B marketers see LinkedIn as a primary social media tool to reach a business audience, whether through the carefully developed networks they’ve honed since LinkedIn launched in 2003, or through the company channels that they manage.

The jury is still out on what types of video will ultimately work best on LinkedIn, as all new features on social media platforms often involve some level of experimentation and guesswork.

But there are some relatively straightforward guidelines to follow to help your brand and company succeed with LinkedIn video ads.

  • Choose a campaign objective tied it to your video marketing approach
  • Consider your ROI and measure progress against that objective
  • Follow best practice for social video (length, sound, structure etc.)
  • Find a ‘sweet spot’ in terms of audience target and campaign budget
  • Drive follow-up action with a clear and enticing Call To Action (CTA)
  • Test and optimise your campaign videos for continual improvement

LinkedIn video features

Native video ads represent an evolution of LinkedIn Sponsored Content, letting you engage with business decision makers throughout their buying journey on LinkedIn. Unlike pre-roll or post-roll video ads, video for Sponsored Content lives directly in the news feed as a standalone post.

Video for Sponsored Content helps you achieve your marketing objectives by:

  • Building brand awareness – telling rich, visual stories via social media
  • Driving qualified traffic direct to desktop or mobile website pages
  • Collect high-quality leads with a persistent “call to action” button
  • Utilise LinkedIn’s integrated Lead Gen Forms product for leads

But without accurate targeting, your ads won’t be seen by the right audiences. With LinkedIn’s suite of B2B targeting capabilities available for video for Sponsored Content, you can find your audience by traits like job title, seniority, company name, industry, skills etc. What’s more, the integration with Matched Audiences ensures you can target your Sales team’s highest-priority accounts with account-based marketing (ABM) campaigns.

Since LinkedIn launched the private beta in October 2017, over 700 advertisers including GE, Philips and Audi Canada have tested video for Sponsored Content to highlight not only their products and services, but also their company mission, customer success stories and thought leadership content. These videos are helping marketers deepen brand engagement as, on average, LinkedIn members spend almost 3x more time watching video ads compared to time spent with static Sponsored Content.

“Video content is crucial for our brand, allowing LinkedIn’s professional community to more easily derive value from the content we are producing. While our videos can be up to 3 minutes, we are seeing deep engagement at a great value.”
Kaydee Bridges, Vice President, Digital & Social Media Strategy, Goldman Sachs.

All marketers understand that everything hinges on delivering greater ROI. With video for Sponsored Content, you can measure campaign success through insights and detailed breakdowns about the types of professionals watching, engaging with and even converting on your video ads. LinkedIn’s proprietary Conversion Tracking tool is also integrated, enabling you to measure the number of leads, sign-ups, website visits, and other valuable actions that your video content generates.

“Video stands out because it doesn’t tell, but it shows. On a platform where there’s more business content, a video stands out more, especially on LinkedIn.”
Renske Siersema, Social Media Manager at KLM Royal Dutch Airlines


When it comes to creating your great B2B video content, well that’s entirely down to you. But when it comes to getting the right people to notice and care about those videos, there’s no doubt that LinkedIn can now help your brand get your products, benefits and values across more easily to your target audience.

  • Download the LinkedIn advert video guide – click here