Managing Marketing Risk for Future Success September 2015 Deborah Thomas RBI Group Risk & Compliance Officer.

Managing Marketing Risk for Future Success

September 2015

Deborah ThomasRBI Group Risk & Compliance Officer

© 2014 Reed Business Information Ltd

RBI Global Risks

© 2014 Reed Business Information Ltd

<10%

A

D

C

B

> 90%

50 - 90%

10 - 50%

4321

<2% Revenue / Op Profit

2 - 5% Revenue / Op Profit

5 - 10% Revenue / Op Profit >10% Revenue / Op Profit

PROBABILITY

I M P A C T

35

6

7

8

9

10

11

4

2

1

1

1. IP Protection

2. Third Party Data handling

3. Talent capability

4. Global laws & regulations

5. Talent lifecycle

6. Leakage of trade secrets or

other confidential information

7. Investment in new technology

8. Portfolio change

9. Economic & political

uncertainty

10. Reacting to disruptive

competitor activity

11. BCP and Disaster Recovery

© 2014 Reed Business Information Ltd

Anti-Bribery Risk

© 2014 Reed Business Information Ltd

THE GLOBAL RISK MAP

© 2014 Reed Business Information Ltd

BRIBERY RISK IN MARKETING

Gifting and Entertaining

Vigilance when attending dinners, awards and events.

Ensuring accurate recording of G&E Knowing limits around the world

New RBI G&E recording system being launched globally in Q4 2015.

Using Third Parties

RBI are responsible for the conduct of agents (sales, marketing etc..) who work on our behalf.

Due diligence must be performed if the intermediary falls within the scope of the policy, before work is undertaken.

Full training, policy documents and materials available.

© 2014 Reed Business Information Ltd

Data Privacy

© 2014 Reed Business Information Ltd

DATA PRIVACY RISK IN MARKETINGComplex and fast-changing area, and getting more complex as RBI becomes more international

RBI Global Contact: Robbie Burgess

Global Approach: Elsevier has global e-marketing guidelines for more info for a global approach: http://nonsolus/legaldepartment/privacy/emarketing.htm

New Canada Guidelines: The RELX DPP group has an information page on the recent changes to Canada’s marketing laws (CASL) here: https://thewire.regn.net/corporate-departments/legal/privacy/Pages/casl.aspx

New Singapore Guidelines: The guidance provides some specific examples to illustrate when consent can or cannot be required.https://www.pdpc.gov.sg/docs/default-source/advisory-guidelines-on-consent-for-mktg/advisory-guidelines-on-requiring-consent-for-marketing-(8-may-2015).pdf?sfvrsn=2

The DPA has also issued another document that sets out sample clauses for obtaining consent for memberships, marketing and lucky draws and sample forms for the withdrawal of consent from marketing/telemarketing. https://www.pdpc.gov.sg/docs/default-source/Templates/sample-clauses-for-obtaining-and-withdrawing-consent-(8-may-2015).pdf?sfvrsn=2

Safe Harbour Guidelines: http://export.gov/safeharbor/eu/eg_main_018476.asp

The RELX Group Safe Harbor Privacy Policy, revised June 1, 2015, is available from the corporate website at: http://www.relxgroup.com/documents/policies/safe-harbor-policy.pdf.

© 2014 Reed Business Information Ltd

SAFE HARBOUR RULESSafe Harbor is a US voluntary self-regulation scheme set up by the US Dept. of Commerce that has been declared adequate by the European Commission. This means that companies can transfer personal data from the EU to a US company who has signed up to Safe Harbor in compliance with the EU’s transfer principle (no transfers outside the EEA without adequate measures in place).

By signing up to Safe Harbor a US company agrees to seven data handling principles, similar to the EU’s principles.

These are: notice, choice, onward transfer, access, security, data integrity, enforcement. Once signed up the company has to re-certify every year.

Currently the following RELX entities have Safe Harbor certifications.• Accuity Inc. • Health Market Science • LexisNexis Examen Inc. • Lexis Managed Technology Services, a business of LexisNexis, a division of Reed Elsevier Inc. • LNRS, operating through LexisNexis Risk Holdings Inc. and LexisNexis Risk Data Management Inc. and

their subsidiaries • Moreover Technologies Inc. • Reed Elsevier Technology Services, a division of Reed Elsevier Inc. • WorldCompliance Inc.

© 2014 Reed Business Information Ltd

Adhere to the licence or other requirements of bought-in or harvested lists.

If consent is required it must be freely given, specific, informed and positively indicated.

Retain proof of consent to demonstrate compliance if challenged.

Inform customers and prospects that their data will be used for marketing. There are different ways to achieve this. (Robbie will know how RBI do it.)

Always identify the sender. Always offer an opt-out from marketing

communications. Action unsubscribe requests promptly. Follow your relevant internal business rules

on things like retention of non-active customer data; how many times in a certain period you can carry out phone/e-mail marketing activities etc.

DATA PRIVACY DOS AND DON’TS Collect contact details responsibly. Don’t

assume just because it’s public it means the person is open to receiving marketing. Collect what you need to have, not what would be nice to have.

Don’t add unnecessary or very personal details to CRMs, such as birthdays, children’s names, favourite football team and so on.

Don’t market into a country without checking whether there are any specific rules and that you are complying with them. If a country has a ‘do-not-call’ register, always use it.

Don’t send large amounts customer data around internally by e-mail unless necessary, and password-protect the attached document.

© 2014 Reed Business Information Ltd

Q&A

© 2014 Reed Business Information Ltd

DEBORAH THOMAS – QUICK BIO

Education

Graduated in 1999 from St John’s College, Cambridge

Qualified ACA from PricewaterhouseCoopers (PwC) in 2002

Work

5 years in Omnicom (2004-09) running group projects for a UK division of the world’s largest Marcomms group

3 years in Diageo (2010-13) doing risk management and compliance roles in London and Singapore

Joined RBI in 2013 as Group Risk & Compliance Officer in London