GDPR is around the corner and it’s not something that should be casually dismissed.
From May 2018, it would be a legal requirement for companies to follow the regulations or face a hefty fine of up to 20 million euros or 4% of a company’s global annual income.
If you work in the digital marketing industry, there isn’t really an excuse to not know about GDPR. As one of the most talked things in 2017, GDPR will change the way we collect and use data – this will impact the way we all run campaigns in the future.
The General Data Protection Regulation (GDPR) isn’t exactly something groundbreaking or new. There has always been something similar in the UK called the Data Protection Act 1998.
As our use of technology has changed over time, the way we obtain and use data has dramatically changed too, especially in advertising and marketing. This new regulation is how the EU plans on tackling the different ways we obtain and handle data.
However, it’s important to state that despite the pending decisions of UK leaving the EU, the government has confirmed that it will no affect the commencement of GDPR.
The short bit
GDPR is designed to protect the personal data of individuals – this could be anything from their names, addresses, photos and even their social media accounts.
Important – GDPR protects individuals within the European Union. For those that think that they are exempt because they operate outside of the EU, the GDPR regulates the export of personal data outside of the EU. As a company operating outside of the EU, but dealing with the data of individuals within the EU, you are still bound by GDPR.
What does it mean for marketing?
There are a few notable impacts that GDPR has on marketing practices.
- Opt in – this is all going to change. Where you used to get away with assuming consent through an unticked box or otherwise, people must explicitly and knowingly consent to the use of their data – individuals must actively approve consent. This means you cannot get away with pre ticked boxes or assume inactivity to be consent either. GDPR states that consent must be ‘Freely given, specific, informed and unambiguous’ and consent must come in the form of ‘clear affirmative action’
- Data must be used for specific and legitimate interests. Simply put, you cannot collect data for the sake of accumulating it. You must have a legitimate reason to obtain the data and have specific reasons for needing a particular bit of information. For example, when asking for information, is it necessary to know their gender, if they are a smoker or not or their position or title? Unless you have a specific reason for collecting this bit of information about this individual, it is best to avoid asking these questions and sticking to strictly the information you need to know.
- The right to be forgotten – as marketers, we’ve all had this one before. A user wishes to be removed from the database and prevented from being contacted again. Under GDPR, marking them as “do not contact” is simply not sufficient. If the user requests to be deleted, it means exactly that. Their record must be removed from the database so that there is no chance for any third party to use the data.
- Event attendees – just because someone has attended your event, it doesn’t mean you have consent to use their data for marketing purposes. Once again, as the GDPR states, consent must be clear, actionable and unambiguous.
What are the consequences for non compliance?
The penalty for non compliance is not a light one. Once GDPR comes into effect, people who break these rules could face a penalty of up to 20 million euros or 4% of the company’s global turnover.
It is therefore fairly important that your company is up to date and familiar with GDPR before it comes into effect.
Should I be worried?
For marketing, it means that capturing leads and information for campaigns would have to change. It may seem that GDPR will only create more barriers and challenges to the success of a campaign, but the results could actually come out favourable.
Marketing to an actively opted-in list could see better conversion rates and better quality leads, albeit of a lower quantity.
For someone who practices inbound marketing, GDPR will not really dramatically change how you work, but adjustments are needed nonetheless to ensure compliance. Outbound marketing however, may need to err on the side of caution a lot more.
The GDPR is more about meaningful use of data and transparency to how it’s obtained and used. For individuals, it means greater control and visibility over how their data is collected and how it’s being used.