News

If you don’t target European customers stop panicking about GDPR says lawyer

Australian marketers may be overthinking the implications of the European Union’s new GDPR data protection rules, a lawyer has argued.

Speaking at the Mumbrella’s B2B Marketing Summit this week, DVM Law solicitor Jason Qian, told the audience most Australian businesses are unlikely to be liable under the EU’s rules. However, he warned that large clients may expect their local agencies to be GDPR compliance anyway.

Microsoft’s Mel Neilsen-Gerber and Jason Qian of DVM law at Mumbrella’s 2018 B2B marketing summit

GDPR – the General Data Protection Regulation – was introduced by EU lawmakers in July. Marketers around the world whose databases might include some customers who happen to be in Europe struggled to understand the implications, and whether it would affect them.

Qian said: “The advice I give to a lot of my clients is that you do have grounds to say GDPR doesn’t apply to you if you don’t have a relationship with the EU, if you aren’t targeting EU customers. I think it may well be a defensible position not to engage them.

“With respect to a website that’s open to everyone in the world, there’s material in the text of the GDPR which says there needs to be a bit more, you need to be offering goods and services to individuals and that extra bit that makes the GDPR cover you is that you accept Euros or target specific EU countries, but you can’t make a blanket statement.

“I would say the pressure is going to come from when you’re talking to (big companies like) Microsoft and they say ‘we need you to be GDPR compliant.’ The legal arguments won’t help you there. You’ll just need to negotiate with your customer.”

Qian’s reference to Microsoft came after earlier comments on the panel by Mel Neilsen-Gerber, head of Centre of Excellence & Operations at Microsoft’s Chief Marketer’s Office, where she explained the steps taken by global software giant  to ensure compliance.

A key part of Microsoft’s strategy was to ensure suppliers and contractors had taken steps to comply with the GDPR.

Despite GDPR’s tight regulations, Qian pointed out it does give companies in the business to business sector some exemptions over those marketing to consumers.

“When you’re collecting data in a B2B context, that probably falls under ‘legitimate interests’,” said Qian. “It seems European privacy regulators have recognised that because they have said when it’s B2B, you don’t have to obtain consent as you do when it’s B2C.

“That doesn’t absolve you from the rest of the obligations under GDPR though, you still need to notifiy those individuals with a privacy policy.

If you’re transferring that BsB information to other organisations, you still need to abide by those contractural mechanisms that are in place. So it lets organisations off the hook, but only in one aspect of the GDPR requirements.

“The one thing is to know what you’re doing with the data, just know it in a granular way. When were you collecting it? How are you collecting it? What were consumers shown when you were collecting it? When do they get sent to your privacy policy? Who do you send it to?”

ADVERTISEMENT

SUBSCRIBE

Sign up to our free daily update to get the latest in media and marketing