The General Data Protection Regulation (GDPR) is effective from 25 May 2018. Now is the time to get up to speed with what GDPR means for marketers and to learn how you can make sure that both yourself and your business are compliant by the deadline. With businesses facing a big potential fines of £20M or 4% of your turnover, compliance with the 2018 General Data Protection Regulation (GDPR) is an important issue for your company. In particular, the legislation will change a number of aspects of digital marketing compliance. These include:
- the definition and implementation of opting in and consent
- keeping a record of how you got the data, where from and how long you are keeping it for
GDPR – WHAT IS IT?The General Data Protection Regulation (GDPR) changes the way data is captured, used and managed, for all individuals in the EU. The purpose is to give all individuals increased control over how their personal data is captured and used.
WHEN WILL IT START?25th May 2018 This is the final deadline and there is no transitional or grace period after this date.
WHO DOES IT AFFECT?The regulation affects everyone resident in the EU, but there are some specific points that Marketers and Digital Marketers should be aware of. Any organisation that holds, collects or uses customer data for their marketing or business communications will need to review their processes and ensure they are compliant by the deadline.
GDPR FINESThe associated fines of non-compliance are up to €20 million or 4% of your global turnover, whichever is greater.
WHAT DO MARKETERS NEED TO DO TO COMPLY WITH THE GDPR REGULATIONSDue to the nature of digital marketing, there are many areas that will be affected by the GDPR changes and should be taken into consideration, to ensure that you comply.
Email MarketingOffering website visitors something in return for opting in can be an effective way to build your database. This can be a whitepaper or a piece of content for example. However, under GDPR, opting in must be an optional tick box, otherwise the consent is not be freely given. Things to cover in a re-engagement email:
- How you got their personal details
- Why you are contacting them
- What sort of content you will send them in the future if they opt in
- How they can update their communication preferences and opt out
Website FormsForms must no longer include pre-ticked boxes as this assumes that implied consent is not freely given. Offering downloadable content on your website is an effective way of collecting data to use in future campaigns. The ‘thank you for downloading’ completion pages are a good place to gain consent. A simple click through call to action, to ‘opt in’ would work well here.
Social Media AdvertisingIf you are planning to use email addresses to build lists for social media targeting, then you will also need to tell users about this. They will need to opt in and also be offered the option to opt out too. You will need to obtain consent for the data used on social platforms and the social platforms are also then responsible for the safety of that data.
THE CHALLENGES OF GDPR FOR MARKETERS
Consent is not ForeverUnder GDPR, consent from an initial campaign does not mean you have consent to email the customer about all further marketing activity. You must get explicit opt-in to continue marketing to your database.
Implied ConsentA pre-ticked opt-in box is not accptable. The individual must freely and willingly opt in to receive further information.
Using Bought DataConsent must be gained from the individuals on the list of bought data within a reasonable time frame or on the first correspondence. Even if the third party has gained consent, that does not mean that you are covered.
THE OPPORTUNITIES OF GDPR FOR MARKETERS
More Quality, Less QuantityThe potential results from your marketing campaigns will be much more relevant, as those individuals have specifically opted in and will be more engaged with your content. This should deliver higher click through and engagement rates, which is a good thing. Preparing for and adhering to GDPR regulations means you finally have to ensure your data is up to date.
GDPR MARKETERS CHECKLIST:
- Think about your ‘opt in’ campaign and how you can gain consent
- Review your current data and whether or not you would be able to show where consent was gained for these contacts if you were asked
- Update all the forms on your website so that they are in line with the regulations, eg no pre-ticked boxes etc
- Store information on how consent was gathered using your CRM
- Decide how you are going to offer individuals the chance to view, update and remove the data which you hold about them.
- Decide on how long consent is valid for in terms of your business and also a process for gaining consent after this time elapses
- Think about alternative marketing methods alternative to email.