What is GDPR?
GDPR – General Data Protection Regulation – came into practice on May 25, 2018. It establishes a single set of data protection laws across Europe and is primarily designed to give individuals better control over what personal data an organization can receive, and how this data is used. As stated on the European Commission’s website, the regulation is an essential step to strengthen citizens’ fundamental rights in the digital age and facilitate business by simplifying rules for companies in the digital single market. A single law will also do away with the current fragmentation and costly administrative burdens. If you are interested in reading more, please visit europa.eu, the official website of the European Union here: europa.eu/info/law/law-topic/data-protection/
What does this mean for digital marketing?
For your company to use and store personal data for digital marketing purposes, your company must receive explicit consent from the individual on the usage of their personal data. Furthermore, your company must then be able to prove this consent has occurred! This means updating any forms on your website to comply with this immediately. The UK Information Commissioners’ Office has a helpful GDPR resource and a whole section covering ‘consent’ which you can reference here.
In addition, your company should make clear the following points to any individual you wish to collect data from (dissemination of a well-written privacy statement may be the best place to put this):
- Your company’s identity and contact details
- Why you have gathered the data and how you will use it
- Will the data be transferred internationally?
- How long the data is going to be stored
- The individual’s right to access, modify and erase the data permanently
- A right to withdraw consent to use of personal data when the individual wishes
- The right to lodge a complaint regarding non-compliance of GDPR
- Make sure you thoroughly review ‘your’ specific requirements – the following resources may help.
For the full list, please see here: ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Is it all negative?
No. This is an opportunity to target your marketing to people that actually CARE about your product or service. Personalization will be key as opposed to generic emails to 1000s of people on your CRM – which, by the way, the individual must be able to opt out of when they wish. It is an opportunity for organizations to look into their current marketing practices, target groups, and improve conversion rates.
Furthermore, companies will now have a template for ‘best practice’ when it comes to collection and storage of personal data. By following the new regulations imposed by GDPR your organization will have improved data protection processes – another consequence will almost certainly be improved technical systems to protect personal data from breaches and attacks.
What about non-EU companies?
Although GDPR is now enforced across the EU it is important to note that it will affect ANY company that deals with EU citizen’s data. Therefore, non-EU companies should ensure a thorough understanding of how GDPR will also affect them.
What should you consider for GDPR compliance?
- Audit and document the data your organization currently collects and stores
- Analyse the legality of your organisation’s uses of data, particularly around Consent
- If you need to seek additional consent, send out opt-in emails (make them interesting, you can guarantee your customer is currently being bombarded by these emails, they are getting sick of them!)
- Put plans in place for what to do if you have future data breaches
- Assign a Data Protection Officer
- Utilize the EUR GDPR Information Portal website
- Be transparent about the data you are storing – if in doubt, check! Penalties for non-compliance with GDPR are severe!
Use this opportunity to build improved data protection processes and better digital marketing strategies with your customers. The transparency that GDPR will cause between your company and your customers will create new, exciting digital marketing opportunities!
Resources:
- europa.eu/info/law/law-topic/data-protection
- https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/