5 Key Insights into GDPR with Managing Partner of D-Fence

In the picture, you can see Juha Oravala, the managing partner at D-Fence.

D-Fence is a Finnish company. It provides small and medium-sized companies with support services for making sure they are GDPR compliant. Many companies are facing problems with becoming GDPR compliant. The good news is that by using the services of a company like D-Fence they can avoid problems and fines in the future.

In order to take a closer look at the new GDPR law made by the European Union, we asked Juha Oravala, managing partner at D-Fence, for an interview. In this interview, we present some key questions about the General Data Protection Act (GDPR).

  1. “What is in your opinion the most important aspect of the new GDPR law?”

– Juha Oravala: “Increased safety of all registrants, i.e. people in the European Union. Including companies and protecting all, private person or whatever entity. On the other hand, many organizations, small businesses especially, think it costs a lot of extra work for them. At least here in Finland, a lot of companies think GDPR is denying work or restricting it. This is due to a lack of information. This causes confusion and miscommunication and miscalculation; that’s the bad side to it.”

  2. “Are you confident that businesses will be willing and able to comply with this regulation?”

– Juha Oravala: “Yes, I am, there is no other choice. I believe the demand doesn’t come from fines. It comes from the clients and partners. Such as having a wide range of network might help you get to a pool of right consumers for your product or service.”

  3. “What tools does your company utilize to help make customers GDPR compliant?”

– Juha Oravala: “We have an easy GDPR service to take control of all the GDPR requirements easily. Everything is already done, templates already filled in. So, all they have to do is walk through the data flow. There is a customer register; they open it and there are clear instructions for them. First, they simply get to understand the regulation or Act; you can’t follow if you don’t understand. Through our service they easily understand what it’s about, fill in the required information if not filled in earlier, and it’s that easy. That’s why it’s called easy GDPR, because it’s easy. It doesn’t take a lot of time and it’s easy to keep up with the requirements.

One of the reasons why it’s popular is because it is easy to use. E.g. we got 500 clients this spring itself. We also offer expert support other than GDPR, assistance with questions such as what they should do for marketing campaigns and so on. The price depends on the company.”

  4. “Does the GDPR affect companies differently in different EU countries?”

– Juha Oravala: “I guess more or less it’s the same, but does it affect the same way? Maybe there are national habits in how you follow certain laws; some countries follow them very accurately, others less accurately, so it’s hard to say. I think it’s more like risk management: if you are an entrepreneur you will confront risk every day in business as well as on a larger scale. Why take more risks, since fewer risks result in better sleep?”

  5. “What challenges does GDPR present and what do you think the future will bring with these new regulations?”

– Juha Oravala: “It will escalate in the long term to the global policies regarding data security. The rest of the world looks upon Europe; we are an example for others. So, if all goes well, the rest of the world will follow us. This would ensure safety and would benefit everyone, not the criminals, but since there have been cyber threats and a big amount of money has been lost to criminal acts, in the long term it is in everyone’s benefit. I think it will escalate and the rest of the world will follow us, with a few exceptions of the tax paradises; those might not follow. However, there will be a lot of hassle going on, and when the first fine is given, the rest of the companies would open their eyes and put everything together; there are always some that would do it only when it is really necessary.”



As you might have already heard, the European Union has a set of new regulations coming into effect regarding the collection of private individuals’ contact data; the set of regulations is known in short as GDPR. So far companies have had a chance to use private individuals’ information, for example for marketing, without having the consent of the person whose information they are exploiting. But in May 2018 that is all going to change. Collecting and using private individuals’ information however companies want is not going to be possible after GDPR comes into force. GDPR puts EU citizens in the driver’s seat and companies have to accept it, but what does all that actually mean from the companies’ and marketers’ point of view? What is going to happen in May 2018? We have collected the main points of this development here for you to consider.

What is GDPR?

Firstly, GDPR, also known as the General Data Protection Regulation, is a set of new European privacy regulations that comes into force on 25 May 2018. The idea of these regulations is to have the same directives in all EU countries when it comes to collecting and storing personal information, and to give EU citizens more power to know how their personal information is used.

According to GDPR, personal information includes all information that can be related to a person. That basically means photos, addresses, email addresses, computer IP addresses, bank details, cookies, location information and names. The same thing applies to the B2B sector. After May 2018 cooperating companies are seen as individuals. This is because under the GDPR, the cooperation is seen as something that is happening between people, individuals working in the companies instead of whole companies being seen as the individual player.

GDPR puts individuals in charge of how their personal information is used and gives less power to the companies collecting and using that kind of data for monetary benefit. That is why, under the GDPR, individuals have certain rights, which are listed below:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to be forgotten
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

What does it mean for your company?

First, every company handling personal information databases should appoint someone who is solely in charge of GDPR compliance (a Data Protection Officer). If and when asked by data protection authorities, companies and organizations have to be able to explain what exactly they are going to do with the database that they have, to report how they are going to secure this information and what they know about the risks involved when handling personal data. Also, companies and organizations have to know at all times exactly what kind of personal information they have, where the information is collected from and who is handling the data. In order to verify all this, companies should have a Data Protection Impact Assessment (DPIA) where everything is documented, so that if someone in authority asks how the GDPR has been taken into account in the company, the company can show them its DPIA.

How does this affect tele- and email marketing?

Companies must be able to clarify what personal information they are going to collect, why they need that information and how they are going to use it. Companies can only collect and store data that is necessary for them. For example, if a company has collected personal information for marketing purposes and the database also contains those individuals’ dogs’ names, there has to be a clear context as to why (e.g. the company is marketing toys for dogs).

Under the GDPR companies are also responsible for clarifying how long they are going to store the information. Nobody can keep individuals’ personal information in their database forever. This takes us to the point that companies are not allowed to send marketing emails to customers who have not bought any products or services from them lately, more specifically for 8-12 months. Also, companies have to have individuals’ consent for sending marketing emails, and even if they have the consent, the company still has to offer an ‘easy way out’ to individuals who do not want to receive any more marketing emails. Last but not least, companies must be able to prove how, where and when the consent was given.

The same rules apply to telemarketing. Companies are not allowed to make marketing calls to numbers whose owners have not given consent for that. Also, if the company has collected phone numbers for some reason other than making marketing calls, it cannot call them for marketing purposes without asking for consent first.

Not a problem, an opportunity

Even though the sanctions are substantial (the biggest fine can be 20 million euros or 4% of worldwide turnover), companies should not see the GDPR as a problem. Of course this all means extra work and companies need to invest time and money in it, but it is also profitable.

When the GDPR comes into force, companies have to clear their databases of information which does not have further use (customers who have not bought any services or products from the company for a while or have not given consent to being approached). This means that their target groups are going to be smaller and companies will not be using their resources for marketing to people who are not even interested in what they have to offer. This is going to make companies’ marketing more effective, because they only contact people who have used their services lately and are more likely to also be interested in them in the future. In the long run it is actually going to save money, and who would not like that?