Interview with John Mitchison

Q&A with John Mitchison

John has extensive in-depth knowledge of the data and marketing industries, with more than 20 years of experience in both. In recent years, he has worked closely with industry groups like the Data Protection Network and the DMA’s Responsible Marketing Committee as well as regulators like the Information Commissioners Office, Fundraising Regulator and Ofcom to develop guidance in a changing legislative landscape. His current focus is data protection and ensuring businesses can successfully prepare themselves for the upcoming EU General Data Protection Regulations (GDPR) and ePrivacy Regulations. 

John is also the DMA’s media spokespeople and can often be seen offering comment in print, online, on radio and on TV. Prior to joining the DMA, John was a Client Services Manager for Acxiom, managing large data solutions for a number of key accounts.

We’re looking forward to hearing from John at this year’s Digital Day which is taking place in Edinburgh on May 17.


What’s your background, John? What led you to a career in policy and compliance?

My background has been in data and marketing for many years (collecting data, direct marketing managing crm databases etc), more recently I worked closely with The Telephone Preference Service which forced me to get into the detail of the Privacy and Electronic Communications Regulations (PECR / ePrivacy). From there I moved into general compliance for marketers and DMA members, when GDPR came along it was necessary to start developing policy to support the DMA Code.

Your experience in the data and marketing industries spans over two decades. What have been the most notable changes that have taken place throughout this time?

Apart from GDPR, the changes have been gradual driven by technology. The sort of data collection I did in the 90’s would certainly be frowned upon today. One major incident that affected people’s opinions on how data is used was the charity scandals exposed by the Daily Mail in 2016 and more recently people have had been made aware of how digital marketing works because of the media's investigations into Facebook.

With the new GDPR regulations due to come into effect on 25 May. Many companies are concerned about losing valuable data that they’ve spent years building. Are their concerns valid and is there anything that they can do to protect the information they have?

If the data has real value then they shouldn’t be any need to delete it. Most of the problems I come across relating to existing data are because the company probably shouldn’t be using it now under the current regulations!  If the data has been collected in compliance with the DPA and PECR then there won’t be any problems.

What steps should businesses take to ensure effective and safe data collection moving forward?

Make sure your privacy policy is up to date. The ICO has a good code of practice on privacy policies and the DMA has a template that members can use as a base to create their own. Then make sure your data collection statement are compliant. Whether you are collecting data with Consent or Legitmate interest make sure they are clear, easy to understand, telling people what will happen to their information, no pre ticked boxes or outrageous incentives.

What’s your predictions for the future of data protection?

The next thing on the data protection horizon is the update to the ePrivacy regulations (PECR). This is still going through the EU legislative process but a final text should be ready by the end of the year. ePrivacy has the potential to make bigger changes than GDPR especially in the area of digital marketing.


John is speaking at this year's Digital Day on May 17 in Edinburgh.