By now we all know that GDPR will be enforced from May 25, 2018. What does this mean? What impact will it have on Digital Marketing?
It is a matter of concern for everyone working in digital marketing – especially those running email campaigns. To better understand how it will affect current practices, let’s first understand what GDPR is all about.
What is GDPR?
GDPR (General Data Protection Regulation) is a Europe-wide digital privacy regulation that will be effective from May 25, 2018 and covers about 28 countries. It is a new regulation agreed by the European Union which seeks to improve transparency and the effectiveness of data protection activities.
The major intention behind the regulation is to protect the personal data of a consumer or user and how it is stored, used, transferred or destroyed. Essentially, GDPR is about standardising the EU data directives, to provide best practice regulations on data handling and compliance. It is designed and defined to ensure that users are aware of and can control the personal data they share with companies over the Internet.
How does this affect Digital Marketing?
For digital marketers especially, this can be a great change, as it completely changes the way we think about handling data. Personal data is defined as anything used directly or indirectly to identify a person. It can be a name, a photo, an email address, bank details, posts on social networking websites, medical information or an IP address.
Until now, digital marketers were mining data from the Internet and collecting details like the name of the contact, the email address, phone numbers, etc. The next step for them was to segment this data and then start shooting email campaigns or making cold calls to generate leads. To be safe, they added an Unsubscribe link at the bottom of the email under a nicely written disclaimer and got away with it.
Well, this is not going to work anymore.
There are three main changes that GDPR will bring in that affect digital marketers. These are:
- Territory: If you are processing personal data of EU citizens, you must comply with GDPR regardless of where your company is based.
- Penalty: Companies can be fined up to 4 percent of their annual turnover or 20 million euros (whichever is greater) for non-compliance.
- Consent: GDPR has set a new standard of consent.
As stated in Recital 32:
“Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her. Pre-ticked boxes or inactivity should not therefore constitute consent.”
“Ok…fine but I have data which was compiled before GDPR laid down the guidelines”. That’s what you were thinking, right?
Well, GDPR applies to legacy data too, and companies need to include this legacy data in the GDPR compliance audits that they may be performing in their organisation.
What should be done?
Now is the time for digital marketers to begin re-strategizing their marketing. Overall, GDPR will have a great impact on their activities. To start with, here are a few pointers:
When offering a visitor a form with fields that collect personal information, it should be specified where the data would be used. Also, the individual must give his/her consent for the same.
This clearly means that people need to confirm that they want to be contacted before you can connect with them over email or phone. A pre-ticked consent box that automatically opts them in to you sending them marketing mailers, product brochures or calling them won’t work anymore. They must specifically opt in, and it needs to be a deliberate choice.
Wait, compliance does not end here. There is more.
As a marketer, it will be the responsibility of your company to make sure that the users who have opted in can also easily opt out when they decide to. This can be an Unsubscribe link in the email marketing campaigns which leads the individual to a page where he/she can unsubscribe completely from the database and/or update their email preferences and profile.
Under GDPR, it will also become mandatory for organizations to collect ONLY the data that is required for the specified purpose. This is defined under “Legitimate Interest”, which means that companies won’t be able to collect additional data from individuals for which there is no specified need.
For example, when collecting an opt-in for sending our Technical Newsletters, it may not be relevant or required to ask for the Annual Turnover of the organization.
Security of the Data
Under GDPR, once the data has been collected, organizations must also ensure that it is secured and is not shared with “Third Parties”.
Whoa! Hang on – does this mean that if we upload the mailing database to a website which offers marketing automation there may be a breach?
GDPR does require Digital Marketing strategies to be re-evaluated starting now. This does not mean that you or your team need to stress over it.
In fact, take this as an opportunity to trim and clean your database, update your privacy policies, update your opt-in process and sign-up forms, etc. to make it clear to subscribers what data of theirs you have, what that data is being used for, how you keep track of that data, and how they can modify or delete this data if they need to.
In the end, you may be left with a small database, but remember that it will contain all those who love your company and your products or services. All those who love to hear from you. All those who are loyal to your brand. In short – Targeted.