Managing Marketing Risk
for Future Success
September 2015
Deborah Thomas
RBI Group Risk & Compliance Officer
RBI Global Risks
© 2014 Reed Business Information Ltd
1
2
3
4
1. IP Protection
> 90%
2. Third Party Data handling
6
A
3. Talent capability
P
R
O
B
A
B
I
L
I
T
Y
4. Global laws & regulations
50 - 90%
5. Talent lifecycle
B
4
1
5
11
6. Leakage of trade secrets or
other confidential information
3
1
10 - 50%
C
7. Investment in new technology
8
10
2
8. Portfolio change
9
9. Economic & political
7
<10%
D
uncertainty
<2% Revenue /
Op Profit
2 - 5% Revenue /
Op Profit
5 - 10% Revenue / Op Profit
I M P A C T
>10% Revenue /
Op Profit
10. Reacting to disruptive
competitor activity
11. BCP and Disaster Recovery
© 2014 Reed Business Information Ltd
Anti-Bribery Risk
© 2014 Reed Business Information Ltd
THE GLOBAL RISK MAP
© 2014 Reed Business Information Ltd
BRIBERY RISK IN MARKETING
Gifting and Entertaining
 Vigilance when attending dinners, awards and
events.
 Ensuring accurate recording of G&E
 Knowing limits around the world
New RBI G&E recording system being launched
globally in Q4 2015.
Using Third Parties
 RBI are responsible for the conduct of agents (sales, marketing etc..) who work on our
behalf.
 Due diligence must be performed if the intermediary falls within the scope of the policy,
before work is undertaken.
 Full training, policy documents and materials available.
© 2014 Reed Business Information Ltd
Data Privacy
© 2014 Reed Business Information Ltd
DATA PRIVACY RISK IN MARKETING
Complex and fast-changing area, and getting more complex as RBI becomes more international
RBI Global Contact: Robbie Burgess
Global Approach: Elsevier has global e-marketing guidelines for more info for a global approach:
http://nonsolus/legaldepartment/privacy/emarketing.htm
New Canada Guidelines: The RELX DPP group has an information page on the recent changes to Canada’s marketing
laws (CASL) here: https://thewire.regn.net/corporate-departments/legal/privacy/Pages/casl.aspx
New Singapore Guidelines: The guidance provides some specific examples to illustrate when consent can or cannot be
required.
https://www.pdpc.gov.sg/docs/default-source/advisory-guidelines-on-consent-for-mktg/advisory-guidelines-onrequiring-consent-for-marketing-(8-may-2015).pdf?sfvrsn=2
The DPA has also issued another document that sets out sample clauses for obtaining consent for memberships,
marketing and lucky draws and sample forms for the withdrawal of consent from marketing/telemarketing.
https://www.pdpc.gov.sg/docs/default-source/Templates/sample-clauses-for-obtaining-and-withdrawing-consent-(8may-2015).pdf?sfvrsn=2
Safe Harbour Guidelines: http://export.gov/safeharbor/eu/eg_main_018476.asp
The RELX Group Safe Harbor Privacy Policy, revised June 1, 2015, is available from the corporate website
at: http://www.relxgroup.com/documents/policies/safe-harbor-policy.pdf.
© 2014 Reed Business Information Ltd
SAFE HARBOUR RULES
Safe Harbor is a US voluntary self-regulation scheme set up by the US Dept. of Commerce that has been
declared adequate by the European Commission. This means that companies can transfer personal data
from the EU to a US company who has signed up to Safe Harbor in compliance with the EU’s transfer
principle (no transfers outside the EEA without adequate measures in place).
By signing up to Safe Harbor a US company agrees to seven data handling principles, similar to the EU’s
principles.
These are: notice, choice, onward transfer, access, security, data integrity, enforcement. Once signed up
the company has to re-certify every year.
Currently the following RELX entities have Safe Harbor certifications.
• Accuity Inc.
• Health Market Science
• LexisNexis Examen Inc.
• Lexis Managed Technology Services, a business of LexisNexis, a division of Reed Elsevier Inc.
• LNRS, operating through LexisNexis Risk Holdings Inc. and LexisNexis Risk Data Management Inc. and
their subsidiaries
• Moreover Technologies Inc.
• Reed Elsevier Technology Services, a division of Reed Elsevier Inc.
• WorldCompliance Inc.
© 2014 Reed Business Information Ltd
DATA PRIVACY DOS AND DON’TS
 Adhere to the licence or other requirements







of bought-in or harvested lists.
If consent is required it must be freely given,
specific, informed and positively indicated.
Retain proof of consent to demonstrate
compliance if challenged.
Inform customers and prospects that their
data will be used for marketing. There are
different ways to achieve this. (Robbie will
know how RBI do it.)
Always identify the sender.
Always offer an opt-out from marketing
communications.
Action unsubscribe requests promptly.
Follow your relevant internal business rules
on things like retention of non-active customer
data; how many times in a certain period you
can carry out phone/e-mail marketing
activities etc.
© 2014 Reed Business Information Ltd
 Collect contact details responsibly. Don’t



assume just because it’s public it means the
person is open to receiving marketing.
Collect what you need to have, not what
would be nice to have.
Don’t add unnecessary or very personal
details to CRMs, such as birthdays,
children’s names, favourite football team
and so on.
Don’t market into a country without
checking whether there are any specific
rules and that you are complying with them.
If a country has a ‘do-not-call’ register,
always use it.
Don’t send large amounts customer data
around internally by e-mail unless
necessary, and password-protect the
attached document.
Q&A
© 2014 Reed Business Information Ltd
DEBORAH THOMAS – QUICK BIO
Education
Graduated in 1999 from St John’s College, Cambridge
Qualified ACA from PricewaterhouseCoopers (PwC) in 2002
Work
5 years in Omnicom (2004-09) running group projects for a UK
division of the world’s largest Marcomms group
3 years in Diageo (2010-13) doing risk management and compliance
roles in London and Singapore
Joined RBI in 2013 as Group Risk & Compliance Officer in London
© 2014 Reed Business Information Ltd