Why GDPR?
The EU were concerned that companies were exploiting the data that they had on consumers. The new GDPR regulation aims to protect the online privacy of individuals with better transparency, the right to have data removed, and better security on the holding of that data.
When does GDPR compliancy become mandatory?
Friday 25th May, 2018How does it impact marketing?
There are 3 areas where marketers muct show compliance and good practice:- Data Permission
- Data Access
- Data Focus
How important is it?
- 1st fine: Euros 10 Million or 2% of the company's global turnover
- 2nd fine: Euros 20 Million or 4% of the company's global turnover
Data Permission
This governs how you manage email Opt-ins. Consumers will need to express consent in a “freely given, specific, informed, and unambiguous” way. Pre-checked boxes on your forms and landing pages will not be enough and you will now need to mention that you wish to retain their data for future marketing, whatever form that takes.As an example:
Data Access
Individuals should now have an easy and transparent way to access, edit or remove their consent for you to use their data, from your system/s. You are likely already doing this but you must have a clear link to an UNSUBSCRIBE and/or EDIT MY DETAILS on all correspondence.Data Focus
Unless you can prove that your business requires ALL of the data that you are asking for you will need to stick with the basics, as above. If your business really does need their hat size, as you sell hats, then that is fine. Mention why you are asking for certain data though.Your Next Steps
- Check, and then double check, that you have no way of you, or your staff, sending anything to anybody who has previously opted out
- Check all of your sales contact, and marketing contact, templates and emails to make sure they are compliant to Data Permissions
- Check your website for forms and other areas where details may be asked for and collected Update your cookie policy and your Terms or Privacy Policy to show that you take GDPR seriously
- If you have two or more systems and a person opts out of one of them, then have a process in place that updates the other systems!
Notes
Even asking your database for consent is a form of marketing and would be against GDPR policy. Consumers know about GDPR and, if they have had a bad day, they may well process a complaint. Therefore, should you spot a mistake or a consumer contacts you directly, such as replying to your email, then act immediately, apologise, correct the error and inform them of your actions.
Buying lists of data will be forbidden under GDPR so do not even go down that route. It just won’t be worth it. Make sure that the staff, that may face this issue, are fully aware of their new responsibilities. This typically includes the Email Marketing Managers, the Marketing Automation staff and PR executives.
Worried?
If you follow the rules – don’t be. On a positive note, this is an opportunity to better define our data, and promote brand trust, transparency, and integrity.If you need somebody to undertake a GDPR compliance audit for you, including sorting out all of your forms and landing pages, etc, then feel free to give me a call to discuss how I can help you.