Data protection and compliance remain a pressing issue and marketing to audiences outside of your own country can take you into a regulatory minefield when it comes to operating compliantly.  

Marketing departments must grapple with evolving laws around the handling of data to ensure they are not open to legal recourse if they don’t get it right.   

Watch this recording of Merit’s ‘Demystifying Compliant Marketing Across Borders’ for a breakdown of the laws that affect marketing internationally and how to do it compliantly.


00:00 – 05:00: Introduction 

Con welcomes the panelists. Robbie Burgess shares her rich experience and work background in data strategy. She heads the Data Strategy and leads Governance at Linklaters. Duncan explains why complying with the changing legislations is crucial to companies having global presence. Duncan highlights the topics he’s going to talk about in the webinar. He breaks down the problem in 4 specific points. 

5:01 – 15:59: Dissecting Data Processing Agreements and determining the data exporter and processor 

Duncan emphasises in detail about what is personal data, what is the transfer and movement of personal data, what happens when we make data available to others, when is data flow NOT a transfer, which entities need to comply, the concept of data exporters and data processors, what to watch out in the DPAs (Data Processing Agreements), how to be in compliance with the GDPR, amongst other crucial points. Duncan asks the panelists to share their experiences of facing challenges when trying to identify the entities involved and the flow of data.  

16:00 – 21:29: Data flow roadmaps, documentation and other tools to aid compliance 

Robbie explains that there is a mechanism in GDPR which helps to understand the record of required activities under article 30. She advises companies to skip the brief way and to look deeper if the roadmap provides you with all the results to manage your privacy activities or not. And if not, companies will need to invest more time and resources in it. She throws light on the complications that may also arise from mergers and acquisitions of companies involved in personal data collection. She emphasises on the importance of organised documentation as she believes that documentation is the key to compliance success. She shares some tools that help companies with compliance activities.  

21:30 – 32:00: What does a compliant data transfer look like? 

Con explains that compliance needs to be implemented at every stage with partners, vendors, suppliers, customers and other stakeholders involved with a company. Duncan further addresses one of the most complicated questions in this area – What does a compliant transfer look like? He explains about the common compliant concepts like Adequacy (countries) and Safeguards (SCC). He chalks out the list of safe countries aka adequate countries for the webinar attendees. He explains in details about Standard Contractual Clauses and how 80% of countries comply with it. He also talks about other safeguard techniques like multi-party ‘templated contracts’ or legal documents. He explains about the two versions of EU SCCs, EU C2P SCCs and EU Transfer SCCs, and the overlapping difference between the two.  

32:01 – 38:10: UK vs EU GDPR 

Duncan further unveils the difference between UK companies and EU companies. He explicates about which company is subject to the EU GDPR and UK GDPR. He shares about the two options available to UK exporters – IDTA (International Data Transfer Agreement) and a combination of EU Transfer SCCs + International Data Transfer Addendum.  

38:11 – 50:00: The most common cause for fines, thinking it doesn’t concern your company 

Duncan urges the other two panelists to share the issues encountered by them while dealing with or planning for restricted transfers. mapping workflows, etc. Robbie shares a common incident she has noticed over the years of how companies and top management members try hard to figure out ways to avoid complying. She asks companies to accept that even if it is time consuming, there is no way out for companies. So, abiding by them and starting early on without any shortcuts will save a lot of potential risks, she says. She shares tips to overcome the challenges experienced in ensuring all-inclusive compliance. 

50:01 – 1:01:21: Importing data from India to the UK  

The panel addresses a question raised by a webinar attendee. The question asks about the precautions required for importers of data from India to UK. Duncan talks in depth to answer the question and erase the attendee’s confusion. The panel next raises a poll to the audience.  Duncan concludes the webinar by summarising the key takeaways from the webinar. He combines his years of experience in data compliance with a 6-point action plan for all attendees.