GDPR in lead generation: meet compliance manager Kathy Fleming In 2017, we appointed compliance manager Kathy Fleming to lead a comprehensive GDPR programme and ensure compliance with other key regulations. Here we discuss her role, the impact of GDPR in lead generation and her time at TLA. What can you tell us about your role at TLA? My role is to oversee all legislation compliance for the business. Naturally, my immediate focus has been on GDPR – making sure we had robust and responsible programme in place that involved the entire business. But I also look after our regulatory activity to ensure we meet the Financial Conduct Authority requirements; plus PECR and Ofcom regulations. You’ve worked in both the public and private sector, working for companies such as Betfred, Your Housing Group and Barclaycard. How would you say data protection has changed over time and between these industries/sectors? In the public sector, data protection has traditionally been far more stringent due to the fact that any money they spend comes from the public purse. Legislation has always been taken more seriously with greater levels of accountability. In the private sector, there was always the need to balance the commercial interests of the business against their regulatory commitment. However, GDPR has put far greater emphasis on private sector organisations in accepting that they have to be accountable for their actions. There has rightly been a lot of focus on GDPR over the last few months. How would you summarise the changes? In the past, each EU member state had their own legislation regarding data protection; GDPR has introduced consistency across all EU member states. One of the fundamental aspects is about strengthening the rights of individuals because the way in which we use data today is completely different to how we used data twenty years ago. The old legislation was no longer fit for purpose and needed to change. What impact will Brexit have on the UK’s commitment to GDPR? None whatsoever. The Information Commissioners Office (the regulator for data protection in this country) has stated that despite the UK’s decision to leave the EU, the implementation of GDPR will not be postponed or affected. GDPR is an important, comprehensive and thorough piece of legislation applicable across all EU Member states. What are the significant ways in which GDPR will impact lead generation and marketing? Any organisation that processes personal data must establish a lawful basis for processing this information. Here at The Lead Agency, we mainly rely upon consent. Under the old legislation, companies were able to rely upon a pre-ticked box which would assume that customers had consented; however, under GDPR this form of consent is not valid. Consent is only valid if it is a proactive indication of a customer’s wishes (i.e. a clear and proactive tick of a box to indicate positive consent or the click of a submit button to confirm that the individual is happy for their personal data to be processed). This is bad news for lead generators that have traditionally focused on low quality and high volumes. But good news for those that focus on high quality, qualified leads. Is it possible to be a responsible lead generation company? Absolutely. Lead generation companies tend to have had bad press, but our CEO Anton Hanley wants us to stand out from the rest. We are a quality lead generation company. We create a relationship with consumers that have shown a genuine interest in our clients’ products or services and engage them to ensure they are in-market before giving them the opportunity to connect with our clients. This responsible attitude is one of the main reasons why our transition to GDPR compliance has been smooth and why I believe GDPR is a good thing for the business. We can fully demonstrate our accountability, which can only help us to build trust with our clients. TLA’s approach to GDPR has received strong praise from automotive specialist ASE Global. What do you believe has been the key to our successful preparation? Firstly, can I say how delighted we were with ASE’s report and comments. To hear that of the hundreds of companies ASE had assessed or worked with, TLA had by far the most good practice in place was very rewarding after the hard work and commitment of the team. And that was the key – having a commitment from our CEO from the very beginning and a team willing to learn about the new legislation, understand it and then bring ideas for how we could improve our processes. We have used GDPR to become a better organisation. Which brings us nicely to our final question. How have you found working for TLA so far? Genuinely great. It is a fast-paced and exciting business with supportive colleagues. Everyone is willing to give up some of their time to help each other. Not to hand-hold but to always be there for support and guidance. Anton’s enthusiasm and drive to make the business as successful as possible radiates throughout the organisation and encourages everyone to be the best we can be. Visit our News & Views hub to read more about our preparation for GDPR.