NEWS
THE GDPR AND THE
VAPE TRADE
As the European Union enforces a historic change in
data protection law, we look at how the vape industry
can adapt.
By Róisín Delaney
As of May 25, every organisation that
operates within the 28-member states of the
European Union – including the UK – are
subject to the tightest data protection laws
ever known.
In 2016 it was decided the EU would adopt
the General Data Protection Regulation
(GDPR) as a gold standard for data
protection across Europe.
The EU's independent data protection
authority, the European Data Protection
Supervisor believes introducing the GDPR
has been “one of its greatest achievements
in recent years.”
This change is affecting businesses of all
shapes and sizes in every part of the EU, and
for many, it has meant increased expenditure,
panic, overtime and a lot of paperwork.
But how will this rapidly growing industry
cope with such a significant change merely
a year on from the implementation of the
Tobacco Products Directive?
Brexit
Exiting from the EU won’t get us out of having
to play by the rules.
Up until now, data protection law in the UK
was governed by an act introduced in 1998
as a result of an out-dated EU directive. No
one in the nineties could have predicted the
progress and influence technology would
sweep over individuals 20 years into the future.
The GDPR now applies to all companies
based in the EU and those with EU citizens
18 | VM17
as customers. It has an extra-territorial effect
meaning non-EU countries will also be
affected. That means that while the UK will
leave th e EU next year, British companies
will still have to comply or risk facing
infringements and major fines.
Ask the expert
John Charlton is a business catalyst with
Birmingham-based Bart Dalton Consulting.
Having studied the GDPR, he has a thorough
understanding of the change in the law and
has spent recent months guiding companies
from various industries as they embark on a
journey to compliancy. He predicts the vape
industry will shift focus to niche marketing as
a result of the GDPR.
“I think over the last five years consumers
have become a little savvier about who they
give their email address too and also having
multiple email addresses to differentiate
between close contacts and businesses.
This has meant that the buying of email lists
has declined as a method of teaching people.
I think over the next couple of years in the
vape world, we are going to see a greater
use of permission marketing and businesses
focussing on their niche consumers who
want to hear from those brands.”
We asked John if there were any areas this
industry could be in danger of with the GDPR
in mind.
“Ever since E-lites ran the dancing baby
advert, the vape industry has always skirted
close to the line when it comes to advertising.
I think that it is only going to become harder
for the industry to reach consumers via
traditional channels. The power of social
media has already become apparent with
fake news and skewing voting results, so
even with the advertising channels like
Instagram stories and Snapchat, we may
see increased difficulties.”
“Over the next couple of years in the
vape world, we’re going to see a
greater use of permission marketing
and businesses focusing on their
niche consumers who want to hear
from those brands”
John is optimistic about the industry’s
response rate and that is something he
thinks is essential for building engagement
levels we really didn’t have before.
“The industry is fast to respond to change and
new technologies, so I don't see the future as
bleak. The GDPR has introduced new rules,
but most businesses were already working
within the previous guidelines. I think that the
vape industry will see small groups of more
engaged individuals and the social element
will play a big part in how vape companies
reach new consumers and markets.”
The Information Commissioner’s Office
is the UK’s independent authority on data
protection. The ICO’s website hosts many
useful resources and tools for businesses
reacting to the GDPR. Visit ico.org.uk for
more information.