Written evidence submission from Data & Marketing Association UK (DMA), Federation of European Data & Marketing Associations (FEDMA) and Global Data & Marketing Alliance (GDMA) (DTD0028)

February 12, 2020

 

 

 

 

 

 

 

Submission to the House of Commons Select Committee on International Trade inquiry on international trade and data on behalf of

 

Data & Marketing Association UK (DMA)

Federation of European Data & Marketing Associations (FEDMA)

Global Data & Marketing Alliance (GDMA)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

For further information or questions, please contact DMA UK Head of Public Affairs, Michael Sturrock

Summary and reasons for submission

 

 

  1. This evidence submission to International Trade Select Committee inquiry into international trade and data.  is issued on behalf of the Data & Marketing Association UK (DMA); the Federation of European Data & Marketing Associations (FEDMA); and the Global Data & Marketing Alliance (GDMA), representing trade bodies from 30 countries and over 15,500 business organisations worldwide, all of whom operate in the data, digital and marketing sphere.

 

  1. As the UK takes its first post-Brexit steps in the world, this inquiry is both timely and important for the success of the data and marketing industry in the UK and across the world. At the time of writing, the UK and EU have still not agreed a data adequacy agreement. This must remain priority one for the UK Government’s international trade and data strategy.

 

  1. We consider our future EU data relationship and wider global data partnerships fundamental to the success of the data and marketing industry across all the UK Nations and for returning the UK to growth and creating high-quality jobs.

 

  1. In concert with data adequacy and strong European links, efforts to create data flows with more nations across the globe will help provide growth of local, national and global economies; the strengthening of consumer rights; and the facilitation of all other forms of international trade.

 

  1. The UK Government should therefore seek to make data agreements with nations who can agree common standards and ideals with respect to the use—and misuse—of data. 

 

  1. To do this, the UK Government should see to use internationally applicable frameworks that underpin basic principles and standards while allowing deviation for specificities outlined in different nation states.

 

  1. With this in mind, for over a year, the constituent organisations of the GDMA & FEDMA have been developing Global Privacy Principles to which all businesses concerned with individual personal data should abide.

 

  1. Value Privacy
  2. Be Clear and Transparent
  3. Respect the individual’s preferences
  4. Process Personal Data ethically
  5. Take responsibility
  6. Keep personal Data Secure
  7. Be Accountable

 

  1. The GDMA global principles establish a common framework for customer communication around the world that should underpin all legal and commercial approaches. They are designed as an instrument of best practice and are intended to serve as a guide for self-regulation and legislation.

 

  1. Above all, they are an aspiration among companies, governments and people to cultivate a trusted and successful commercial ecosystem by serving each customer with fairness, transparency and respect for privacy.

 

  1. For the UK, the adoption of these principles can provide the UK with a space in which data adequacy with the EU can lie in concert with other multi- and bi-lateral agreements, particularly with the other 30 GDMA and FEDMA nations. This, in turn, will make great progress in shaping the global narrative on data policy. 

 

  1. Naturally, agreeing the principles across jurisdictions with differing levels of economic development, cultural heritage, and legal systems has been a complex undertaking. We are hopeful, however, that they will make great strides forward in achieving global harmonisation.

 

  1. Our submission details this work more fully and hope this evidence is useful for the Committee’s inquiry. Please let me know if you would like further information or to discuss any aspect of the response.

 

Yours sincerely,

 

Chris Combemale

CEO, DMA UK

Co-Chair, FEDMA

Board Member, GDMA

 

 


Question: what approach(es) should the UK take to negotiating digital and data provisions – including those concerning the free flow of data, protection for personal data, net neutrality, data localisation, and intellectual property–in its future trade agreements?

  1. When approaching data and data provisions in international trade, it is vital for the UK to push for the promotion of multinational investment; R&D; partnerships with academic and other research institutions; and other means of supporting innovation.

 

  1. The UK should pursue a path of high standards of data protection, consumer rights and ethical business practices more widely. Data and digital marketers are less trusted than politicians, and there is a very strong public desire for the restoration of balance between consumer and business regarding the gathering, use, storage, and protection of personal data. Indeed, DMA research showed that 86% of people want more control over the use of data. The same amount wanted greater transparency about the way their data was used. Trust is inextricably linked to commercial success: individuals will not buy from businesses they do not trust.

 

  1. Therefore, for both ethical and commercial reasons, high standards are vital for national and international trade.

 

  1. This trend exists worldwide. In recognition of this, constituent members of GDMA have been working on Global Principles for trade to which organisations using personal data should subscribe to ensure a business-consumer relationship based on trust.

 

The preamble states:

 

  1. New technologies and the use of personal data provides humanity with the opportunity to live better, consume better, and be more sustainable. Data has an ever-increasing role in this quest for innovation, business and economic growth. The benefits of data for society and the economy can only be achieved through its ethical use and the generation of trust between individuals and organisations. Privacy and data protection rules both contribute to the creation of that trust while providing a framework for responsible free flows of information across the world.

 

  1. The GDMA Global Principles establish a framework for customer communication around the world that should underpin all legal and commercial approaches. They are designed as an instrument of best practice, and they are intended to serve as a guide for self-regulation and legislation.

 

  1. The GDMA Global Principles stand as an aspiration among companies, governments and people to cultivate a trusted and successful commercial ecosystem by serving each customer with fairness, transparency and respect for privacy. The guiding principle of respecting and valuing privacy engenders trust at the heart of customer communication as an exchange of value between an organisation, looking to prosper, and an individual, looking to benefit. These principles ensure that organisations across the globe put the individual at the heart of everything they do, so that businesses can be trusted, respected and ultimately sustained in all countries.

 

 

The GDMA Global Principles

 

  1. The Principles are expanded below. Each has a description of the principle and concrete actions that must be taken by signatory organisations.

 

Value Privacy

 

  1. Respecting and valuing individuals’ privacy expectations is crucial to generate trust in the entire data and marketing ecosystem. Organisations must help individuals to feel confident and comfortable about marketing practices (for instance – when browsing the web, receiving an email, using a mobile app or purchase online or offline) in order to generate benefits both for the individuals through trusted communication and for the organisation through value creation worldwide.

 

  1. Organisations must make “Privacy” a core value through codes or policies approved by top management and communicated to all stakeholders.  
  2. Organisations must take steps to ensure employees, partners and suppliers understand and are committed to the organisation’s Privacy values.
  3. Organisations must train and commit employees to respect and value Privacy.

 

Be clear and transparent

 

  1. Organisations must create trust by being upfront, clear and transparent with individuals about their personal data collection, use and disclosure practices.

 

  1. When collecting personal data, organisations must provide, including through privacy policies, timely, easily accessible and clear information about: 
    1. The identity of the organisation.
    2. What personal data they collect and how they plan to use it.
    3. The purpose of the personal data processing activities.
    4. If they plan to share individuals’ personal data, how and to what type of organisation.
    5. The right of the individual to access, rectify, update and suppress their personal data, according to local law, and how to exercise these rights.
    6. Organisations must be clear about costs and processes that impact individuals.
    7. The sources of the data when not directly collected from the individual.

 

Respect individual’s preferences


 

  1. Organisations must respect the individual’s preference with regard to the use of their personal data for marketing communications as a way towards more efficient communication, benefiting both individuals and organisation.

 

  1. Every marketer must provide an easy way for the individual to express his or her preference with respect to receiving communications from the organisation.
  2. The organisation must also respect opt-outs implemented through government and self-regulatory initiatives that they are subject to
  3. Organisations must ensure individuals have a clear understanding of the preferences they express, including of the data processing resulting from their preferences

 

Process personal data ethically

 

  1.  
  2.  
  3.  
  4.  
  5.  
  6.  
  7.  
  8.  
  9.  
  10.  
  11.  
  12.  
  13.  
  14.  
  15.  
  16.  
  17.  
  18.  
  19.  
  20.  
  21.  
  22.  
  23.  
  24.  
  25. The proper collection, storage, use and disclosure of personal data is essential to maintaining the integrity of the digital marketing ecosystem. Special care must be taken when dealing with sensitive data.

 

  1. Organisations must limit the collection of personal data to what is necessary to fulfil their legitimate purpose.   
  2. Organisations may not use or disclose personal information for purposes incompatible with those for which it was collected.
  3. Organisations should store personal information securely and for only as long as necessary to fulfil the informed purpose.
  4. Organisations should be particularly diligent when dealing with personal data that may cause harm to individuals if mishandled. 
  5. When collecting personal data from children, organisations must ensure that all the information required is intelligible to the child and is provided by a parent or legal guardian.

 

Take responsibility

 

  1. Organisations are responsible for the personal data they use to perform marketing activities even when it is transferred or assigned to third parties (processors).

 

  1. Organisations must ensure that all their employees involved in personal data and marketing activities respect privacy and data protection practices.
  2. Every manager in the organisation is responsible for ensuring that personal data are used responsibly in all activities within their area of influence.
  3. Organisations should regularly conduct internal training on data protection for employees involved in processing personal data.
  4. Organisations must conduct regular audits of personal data practices and maintain records of thereof.
  5. Organisations must ensure that third parties they are involved with regarding personal data and marketing activities respect privacy and data protection practices.

 

Keep personal data secure

 

  1. Organisations must implement the necessary technical and procedural safeguards to protect personal data from unauthorised access, modification, misuse, disclosure, or loss.

 

  1. Organisations must implement written information security policies and review them periodically as well as conduct regular audits and testing of technical systems that house/ manage/ sort personal information.
  2. Organisations should (where possible) adopt a Privacy by Design approach when introducing new technological systems and or processes.
  3. Organisations must restrict access to their systems on a “need to know” basis. Each user should only have access to the personal data which they need to fulfil their tasks.
  4. Whenever possible, organisations should use encryption and/or pseudonymisation to safeguard their consumer personal data, especially during transfer or storage in a mobile/portable device.
  5. Organisations should provide employee training program on personal data security.
  6. Organisations should take a Risk-Based Approach when deciding the security measures to implement, ensuring that potentially harmful personal information have a higher level of security and further limitations on access.
  7. Organisations must promptly notify significant security breaches to enforcement or other relevant authorities, as well as affected data subjects when appropriate and must ensure that personal information is re-secured and protected following a loss or unauthorised access or disclosure.

 

Be accountable

 

  1.  
  2.  
  3.  
  4.  
  5.  
  6.  
  7.  
  8.  
  9.  
  10.  
  11.  
  12.  
  13.  
  14.  
  15.  
  16.  
  17.  
  18.  
  19.  
  20.  
  21.  
  22.  
  23.  
  24.  
  25.  
  26.  
  27.  
  28. Organisations must demonstrate that they have adopted and implemented the necessary internal regulations, in accordance with these Principles, for the responsible use of the personal data they process.

 

In order to be accountable, organisations must: 

  1. Have a comprehensive privacy management program.
  2. Have a clear and publicly available statement to demonstrate their commitment to compliance.             
  3. Maintain adequate records to demonstrate compliance with these Principles.
  4. Implement an adequate system of monitoring and audit.
  5. Establish internal programs to ensure employees are held accountable according to established policy.
  6. Organisations must have a privacy management program in place and be prepared to demonstrate such as appropriate, in particular at the request of a privacy enforcement authority

 

 

Benefits of principle-based frameworks

 

  1.  
  2. Being able to drive consistent change across the world using GDMA principles would be an excellent step forward in making businesses and markets more competitive. Critically, a principle-based framework leaves sufficient scope for national interpretation and regulation specific to internal values and understanding, all the while finding common ground to build trust globally.

 

  1. Furthermore, global principles are more future and can evolve with the rapid pace of change within the data sphere and offer ethical and practical frameworks for new technologies as they appear.

 

  1. Similarly, a set of global principles agreed by all countries allows for national legislation to be drafted locally with respect to legal and cultural traditions while at the same time achieving global consistency and equivalence within a common framework. 

 

  1. An example of a new successful piece of regulation that is in keeping with GDMA principles and which may be useful to nations across the globe is Singapore’s Personal Data Amendment Bill, which permits marketing for the purposes of  MCI/PDPC’s proposal of a new exception to permit organisations to use personal data on a legitimate interest basis for certain business improvement purposes, the PDP (Amendment) Bill includes such exception and is slightly expanded. Specifically, the Bill permits the use of personal data without consent for the following purposes:  

 

  1. Improving or enhancing any goods or services provided, or developing new goods or services to be provided;
  2. Improving or enhancing the methods or processes, or developing new methods or processes, for operations;
  3. Learning about and understanding the behaviour and preferences of the individual or another individual, in relation to the offered goods or services;
  4. Identifying any goods or services provided that may be suitable for the individual or another individual, or personalising or customising any such goods or services for the individual or another individual.
  1. This exception applies to processing for such purposes within an affiliated group of companies.

 

  1. Also consistent with the MCI/PDPC’s intent to impose additional conditions on organisations that rely on this exception, the PDP (Amendment) Bill provides that the organisation must satisfy the following conditions:
  1. the purpose cannot reasonably be achieved without the collection, use, disclosure of the personal data in an individually identifiable form; 
  2. the purpose is what a reasonable person would consider appropriate in the circumstances; and
  3. the organisation and its related corporation are bound by a contract, other agreement, or binding corporate rules requiring the implementation and maintenance of appropriate safeguards for personal data; 
  4. the purpose is not for marketing/promotional messages.
  1.  
  2.  
  3.  
  4.  
  5.  
  6.  
  7.  
  8.  
  9.  
  10.  
  11.  
  12.  
  13.  
  14.  
  15.  
  16.  
  17.  
  18.  
  19.  
  20.  
  21.  
  22.  
  23.  
  24.  
  25.  
  26.  
  27.  
  28.  
  29.  
  30.  
  31.  
  32.  
  33.  
  34.  
  35. The Singapore legislation, the UK Data Protection Act 2018 and the EU GDPR are all consistent with the global principles while at the same time being unique to their territory

 

 

FEDMA GDPR Code of Conduct and UK GDPR Code of Conduct

 

  1. A further tool for facilitating international trade (primarily with the EU) is the use of Codes of Practice. Article 40 and 41 of GDPR permits the transfer of personal data between organisations that have signed up to an EDPB-validated code of practices and EU organisations. The code is specific to an industry or type of transfer. The DMA and FEDMA are currently working on Codes for the UK and EU respectively that are consistent (but not identical) and which could form the basis for international transfers of customer personal data between the UK and EU.

 

  1. Both Codes provide clarity to marketers about how the GDPR should be interpreted for the data and marketing industry. The FEDMA GDPR Code of Conduct will allow a single consistent interpretation of the law across the data and marketing sector in the UK and 27 member states of the EU. 

 

 

  1. This will be particularly useful in the case that the UK and EU do not reach a data adequacy agreement, as it would offer signatory businesses the means by which organisations can transfer data with the EU on the same basis as they do currently.[1]

 

  1. Even in the case of an adequacy agreement, the code is useful as it will ensure harmonisation of interpretation and implementation across the EU Data Protection Authorities and the UK Information Commissioner’s Office.

 

 

 

Question: What are the main barriers faced by UK businesses engaging in digital trade? 

 

  1. As noted above, different nations and jurisdictions have differing values and attitudes towards human rights, privacy, business regulation and beyond. These factors inform how the collection, use and storage of personal data is legislated and regulated.

 

  1. Clearly, exchanging data between jurisdictions requires an understanding of origin and destination data rules. This is the initial barrier to trade. However, most often, there is then a bigger task of executing the legal and administrative tasks associated with giving assurances of conformity to destination rules.

 

  1. For example, for businesses in a third country trading with the EU, significant work to ensure awareness of the existence of the EU GDPR, as well as the mechanisms of legal transfer, are needed before trade is permissible. The understanding and implementing of such rules is no small feat, as evidenced by the fact the EU Commission allowed a 2-year grace period from the moment of ratification for businesses within the EU to make the necessary adjustments to conform to GDPR. Nearly three3 years on from the end of this grace period, for many businesses, this work is still ongoing.

 

  1. Then for businesses in a non-data adequate nation, the legal and administrative tasks of transfer manifest in several forms. The origin source, in this case, could use a Standard Contractual Clause (SCC), Binding Corporate Rules (BCR) or conformity to a GDPR code of practice (of which none yet exist) to demonstrate conformity to GDPR.

 

  1. Developing an organisation-wide understanding of these is one task. There is then a wider task of ensuring all business partners within the EU understand SCCs or other mechanisms (of which there is little awareness), and finally the administrative task itself of executing the transfer.

 

  1. From start to finish, this is an enormous task that places considerable barriers to trade. Reducing such a burden is why the GDMA principles have been created. Establishing a global framework for equivalence that reduces rules-based bureaucracy means more countries are prepared to meet requirements for trade with high-standards jurisdictions such as the EU, while being free to create rules and regulations in accordance with their own legislative and legal norms.
  2. While, of course, the GDMA Principles cannot eliminate all barriers, they go a significant way to raising and harmonising global standards and hastening trade agreements, such as data adequacy with the EU.

Question: What opportunities does digital trade present for UK businesses?

  1. An old adage says ‘as distance doubles, trade halves’. As digital trade eliminates any geographical element of trade, it can be as easy to access products and services from the other side of the world as the office next door. Market access for both businesses and consumers is created.
  2. Naturally, this is more suited to the services market, as import and export tariffs and cost of delivery of physical goods still exists. Nonetheless, digital trade can better facilitate processes required for advertising, ordering and delivery of those goods.
  3. Personal data is inextricably linked to digital trade, both in marketing, purchasing and delivery of goods and services. As noted above, differing standards of personal data can throw up trade barriers. However, as digital trade can place obligations of adhering to another jurisdiction’s standards in this area, it can have a ‘levelling up’ effect as it is the jurisdiction with higher standards that sets the terms of data trade rather than that with lower standards. 
  4. Indeed, the constituent organisations represented in FEDMA and GDMA consider high standards of data protection as outlined in the GDMA Principles as vital improving consumer and privacy rights, while supporting business innovation.
  5. Similarly, the benefits of driving global standards in partnership with other nations means the UK stays ahead of the curve and maintains its reputation as a leading country for digital and data industry and an attractive place for foreign direct investment and an attractive place for skilled workers to live, work and contribute to society.

 

Question: How does the regulation of digital trade impact consumers? 

  1. As noted, personal data is inextricably linked with digital trade. In turn, this is inextricably linked with human rights, particularly in relation to personal privacy.
  2. Therefore, the betterment and promotion of data protection standards worldwide can have a liberalising effect in nations and jurisdictions where rights are less developed or respected. From the beginnings of industrial development, the international trading of goods has had a positive (though by no means universal) effect on workers’ rights. In a similar vein, establishing agreed standards of data protection as a condition of trade may act as an incentive to improved data protection worldwide, building trust in the global digital economy.
  3. Similarly, the digital economy has a far greater means of improving visibility of jurisdictions with less respect for individual rights and encouraging the strengthening of those rights.

 

Question: What approach should the UK take towards renewing the WTO’s moratorium on customs duties on electronic transmissions? 

  1. The UK has the opportunity to use the WTO’s moratorium on customs duties and electronic transmissions as a means to promote aspirations for global data trade. The UK should support this memorandum and encourage partners to drop customs charges which benefits industry and consumers.

 

Question: What objectives should the UK have when negotiating digital and data provisions during its accession to the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP)?

  1. The CPTPP provides further opportunity to promote the UK’s approach to digital and data standards, as well as an opportunity to expand market access.

 

  1. Multiple DMAs of the nations in the CPTPP are members of GDMA and can promote GDMA Global Principles. Furthermore, as the UK’s accession to the CPTPP will be hugely influential for the data and digital aspects of the partnership, the principles provide a ready-to-go set of standards that can be adopted by the CPTPP allowing for mutual understanding and cooperation while allowing national regulation.

 

Question: Will the global increase in digital trade affect the environment in a positive or negative way? What steps can be taken to mitigate any negative environmental impacts of increased digital trade?  

  1. The impact of the digital economy and digital trade on the environment is well documented and significant. The energy usage of data centres accounts for 1% of global emissions. As part of Commitments to COP 2026 in Glasgow, nations should commit to reducing emissions through various means such as the re-use of generated heat and funding renewable energy.

 

Question: What domestic and international law is relevant to the Government’s approach to digital trade?

  1. UK domestic law relevant to the Government’s approach to digital trade include inter alia:
    1. the UK’s General Data Protection Regulation
    2. Data Protection Act 2018
    3. Privacy & Electronic Communications Regulations 2003
    4. Communications Act 2003
    5. Electronic Commerce Regulations 2002
    6. Audiovisual Media Services Regulations 2020
    7. Consumer Rights Act 2015 
    8. The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013
    9. Finance Act 2020 (Digital Services Tax).

 

  1. Going forward, the Online Harms draft legislation and outcome of the Online Advertising review will likely affect or have some impact on digital trade.

 

  1. Relevant international law includes:
    1. WTO’s General Agreement on Trade in Services,
    2. UNCITRAL Model Law on Electronic Commerce 1996
    3. UNCITRAL Model Law on Electronic Signatures 2001
    4. United Nations Convention on the Use of Electronic Communications in International Contracts 2005
    5. Various Free Trade Agreements

 

  1. Relevant EU law includes inter alia:
    1. General Data Protection Regulation 2016/679
    2. E-Privacy Directive 2002/58/EC (This will eventually become e-Privacy Regulations)
    3. E-Commerce Directive 2000/31/EC
    4. Audio-Visual Services Directive 2010/13 and the Revised Audio-Visual Services Directive 2018/1808
    5. Better Enforcement and Modernisation of Union Consumer Protection Rules Directive 2019/2161
    6. Supply of Digital Content and Digital Services Directive 2019/770

 

  1. The EU has recently introduced draft texts Digital Services Act, Digital Markets Act and a Data Governance Act which are likely to shape the EU’s position to digital trade and data.

 

  1. Multilateral frameworks or guidelines
    1. APEC Privacy Framework 2015.
    2. OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (“Privacy Guidelines”) 2013.

 

 

 

Federation of European Data & Marketing Association* Members

 

United Kingdom
DMA (UK) – Data & Marketing Association

Belgium
BAM – Belgian Association of Marketing

Sweden
SWEDMA - Swedish Data & Marketing Association

Switzerland
SDV - Schweizer Direktmarketing Verband

Czech Republic
ADMEZ - Asociace Direct Marketingu, e-commerce a Zásilkového Obchodu

Denmark
DMA - Danish Marketing Association

Turkey
DPID - Turkish Direct Marketing Association

Austria
DMVÖ - Dialog Marketing Verband Österreich

France
SNCD - Syndicat national de la communication directe

France
CPA - Collectif Pour les Acteurs du Marketing Digital

Croatia
CRODMA - Hrvatska Udruga za Direktni i Interaktivni Marketing

Finland
ASML – FIDMA, Data & Marketing Association Finland

Greece
EEDE - Hellenic Management Association
 

Hungary
DIMSZ - Direct and Interactive Marketing Association Hungary
 

Slovenia
ZDM – Združenje za direktni marketing Slovenije

Italy
DMA Italia - Association for Data-Driven Marketing

Latvia
LTMA - Latvijas Tiešā Mārketinga Asociācija
 

The Netherlands
DDMA - Dutch Dialogue Marketing Association
 

Germany
DDV - Deutscher Dialogmarketing Verband e. V

Norway
ANFO - Annonsørforeningen

Poland
SMB - Polskie Stowarzyszenie Marketingu

Romania
ARMAD - Asociatia Romana de Marketing Direct
 

Hungary
DIMSZ - Data-Driven Association Hungary

 

 

 

 

 

 

Global Data & Marketing Alliance* Members

 

United Kingdom
DMA (UK) – Data & Marketing Association

United States
ANA - Association of National Advertisers

 

Argentina
AMDIA

Germany
DDV - Deutscher Dialogmarketing Verband e. V

Switzerland
SDV - Schweizer Direktmarketing Verband

South Africa
Direct Marketing Association of Southern Africa

Finland
ASML – FIDMA, Data & Marketing Association Finland

Denmark
DMA - Danish Marketing Association

Singapore
DMAS – Data-Driven Marketing Association of Singapore

India
DMA Asia

Czech Republic
ADMEZ - Asociace Direct Marketingu, e-commerce a Zásilkového Obchodu

Croatia
CRODMA - Hrvatska Udruga za Direktni i Interaktivni Marketing

Canada
CMA - Canadian Marketing Association

New Zealand
New Zealand Marketing Association Incorporated

Romania
ARMAD - Asociatia Romana de Marketing Direct

Austria
DMVÖ - Dialog Marketing Verband Österreich

Hungary
DIMSZ - Data-Driven Association Hungary

Poland
SMB - Polskie Stowarzyszenie Marketingu

 

 

 

 

*See links to FEDMA website and GDMA website. Please note both FEDMA and GDMA are in the process of updating names and old names are listed on the websites.

 

February 2021


[1] As the committee will know, achieving data adequacy with the EU is the most pressing issue for UK data industry, Not achieving data adequacy would add barriers to trade that did not exist while the UK was a member state of the EU.

 

While UK businesses would be acquainted with GDPR, the further administrative burdens would still spell the end of many SMEs who do not have the resources to put in place new legal mechanisms of transfer.

 

By the UK Government’s own calculations, failing to reach adequacy puts at risk up to £85bn of exports. Every effort has to be made to reassure the EU that the UK will take the necessary steps to conform to EU data protection and security standards in order to achieve this.