GDPR presents some significant challenges to digital marketers. The best approach is to get some understanding of how it is going to affect your business. There’s already a flurry of content out there explaining what it means, and even more explaining the pitfalls. But to really ready yourself for the new Regulation coming into play next year, it’s important to take some time to simplify what’s happening and dispel the fears.
What is GDPR?
GDPR stands for General Data Protection Regulation. And it’s a set of rules that are consistent across all EU member states regarding Data Protection. It’s coming into effect on May 25th 2018. It will be an EU regulation, which means that it will be binding on all EU countries immediately. Any company that uses personal data from EU citizens will be affected.
Why do we need it?
GDPR will give more power to citizens over their personal data. Personally Identifiable Information (PII) has been given a much broader definition under GDPR. Citizens will be able to consent to their data being used, will know exactly what it will be used for and will have the opportunity to opt out or be forgotten entirely. Currently E-Privacy Law is inconsistent across the EU member states. The E-Privacy Directive is only a Directive, which means that it can be interpreted differently across Europe. GDPR will standardise data privacy across the EU.
Why the fear?
It’s set to have a significant effect on business and companies across Europe. Those who will not be prepared or ready when the time comes should be worried. Not understanding data protection regulations correctly can mean big fines if you breach data protection in any way – €20 million or 4% of turnover (whichever is higher).
Organisations that already have solid data practices and CTOs who are on top of data protection will have nothing to fear.
But if you don’t have either there are a few steps that you’ll need to take as soon as possible. Firstly, your company will need to audit how it currently captures and processes personal data. How are you currently building your database? Is it compliant? What needs to change to make it compliant? GDPR applies to existing data also so if any of your data is not compliant when GDPR comes into effect, you won’t be able to use it. This may be why we’re seeing an increase in companies selling data of late. We will also start to see companies launching re-permission campaigns in the next year.
You will need to designate a Data Protection Officer – someone who will specialise solely in protecting the data. They need to know GDPR inside out and make sure your company is compliant.
What it means for email marketing
Now that the basics are out of the way, let’s focus on the opportunities – and there are many of them.
Even with all the major developments in automation, VR, and AI, email still has a central place in the marketing funnel. With GDPR, email’s influence as a high quality lead gen platform is set to increase.
Why? Surely, with stricter regulations on what you can and can’t send people – surely this will be the death knell to email? Not necessarily. While GDPR means that your list of subscribers will be cut drastically, those remaining will be those who want to be contacted. They will be more amenable to persuasion, communication and therefore higher quality leads.
GDPR also takes the new step of defining “profiling”. It grants individuals significant rights to protect them from automated decisions – what we know as marketing automation. Even if a user has given consent to be used in profiling-based activities, they are able to object, if you fail to honour such objections you / your company will potentially come under the higher level of fine, and these can be brought by individuals. Pseudonymising and anonymising can provide some protection from these challenges.
The tricky issue of consent
Under the EU Privacy Directive, brands can only communicate with citizens if they have opted-in. Companies will need to have consent that is ‘freely given, specific, informed and unambiguous’. This can be gained by ticking a box on site, choosing settings on a profile. ‘Silence, pre-ticked boxes or inactivity’ are not enough says James Koons, Chief Privacy Officer at dotmailer.
Further to this, brands will also need to tell the subscribers what opting in actually means so they can make an informed decision about what they’re getting in return. How will their data be used? Will it be stored in a CRM database for their use? That needs to be made very clear. This will mean that your email list will take longer to grow, but those who do opt in will be bought into your brand. It will be easier to identify who your true brand ambassadors are, learn more about them and be able to tailor your messaging accordingly.
So many methods that companies have used to collect data before this will not be compliant under these new rules. For example, using an email address that was used to download a paper or enter a competition. They signed up for those purposes only and so emailing them for any other reason won’t be legal. Make sure you’ve cleansed and assessed your current databases.
There will be new rules regarding data capture to consider which may not already be catered for in your current systems. For one, it will be vital that companies keep records of consent in case of a challenge. It will also have to be easy for citizens to withdraw consent. Also, don’t forget about third party providers like Google Analytics. You will need to ensure that users know that their IP address, cookies etc. are being tracked.
GDPR is an opportunity for marketers but only if you know the new Regulation inside out. Many companies will falter and this is where you can get ahead of the races. Plan your strategy now, align your data and marketing teams and ensure that everyone knows what’s happening and how to spot the opportunities that this change presents. It will only slow sales leads down if you’re not prepared!