GDPR is arriving in the UK on 25th May 2018 and it’s not something that you should casually dismiss.
There has already been plenty of articles online about GDPR and certainly a lot of scaremongering going on about the consequences about not being compliant.
If you work in the digital and marketing sector, you have certainly heard it being uttered in the industry, but what does it actually mean to digital marketers and are the concerns valid?
The General Data Protection Regulation (GDPR) isn’t exactly something groundbreakingly new. Before the talk of such a thing called GDPR, there has always been something in place of a similar nature in the UK called the UK Data Protection Act 1998.
The world was a different place than it is now, and how data is being obtained and handled has changed.
GDPR is how the EU plans on tackling the different ways we obtain and handle data. Despite the pending decisions to leave the EU, the government has confirmed that the UK’s decision to leave will not affect the commencement of GDPR. The legislation affects any organisation that collects and processes data of an EU citizen.
There are a few notable impacts to marketing as a result of GDPR
- Opt in, opt out, check boxes, tick to opt out – this is all going to change. People must explicitly provide consent to the use of their personal information and they must do so willingly and knowingly. What this means is that you cannot get away pre ticked boxes which assumes opt in unless otherwise, and you cannot assume inactivity as consent either. The GDPR states that consent must be ‘freely given, specific, informed and unambiguous’ and must be consented through ‘clear affirmative action’
- Data for legitimate interests – you cannot just collect people’s data for the sake of accumulating it. You must have a legitimate reason to obtain the data and have a specific reason for that particular bit of information. For example, when asking for personal details, is it necessary to know their position or title? Is it necessary for you to know how old they are? Unless you have a specific reason for knowing this then it’s best to avoid asking these questions and stick to only what you need to know.
- The right to be deleted/forgotten – Users should be able to request for their data to be deleted from record, removing the ability for any third party from using the data. If a user requests for them to be removed, just marking them on CRM as “do not contact” is not good enough – you must remove them entirely from your records.
- Buying marketing lists – being able to buy data would still exist when GDPR hits, but it wouldn’t come cheap and would most likely be smaller than you would expect. The fact that users must actively and knowingly opted in for their data to be used in a legitimate manner means extra obstacles stand in the way of freely collecting data for marketing purposes. As a buyer of such a list, you must also ensure that the list complies with GDPR. Even if you believe you’re buying from a reputable source, it would be worth insisting on seeing where and how the data was collected.
- Event attendees – just because someone has attended an event that you hold, it doesn’t automatically qualify as consent. You will not be able to add these attendees to you email campaign unless they have clearly and actively provided consent.
What are the consequences of non compliance?
Not being compliant with GDPR once it comes into effect could mean a significant penalty of up to 20 million Euros or 4% of global annual turnover.
Should I be worried?
GDPR isn’t something you should freak out about, but it is definitely something worth paying attention to. A modernised version of the Data Protection Act is going to be inevitable anyway, so it’s important you educate you and your team about how GDPR may affect how you run your business.
From a marketing perspective, it means that capturing leads and information would come with a few extra steps. You might find the task of gaining active opt in a bit more challenging, but ultimately it would mean more relevant leads at the expense of less quantity.
Whilst outbound marketing is still part of the marketing mix, it is less effective than it was a decade ago. Inbound practices makes a more meaningful impact as it encourages the audience to actively get in touch with the business to find out more, and this is done through providing genuinely useful and helpful content. For someone who actively engages in inbound marketing, the GDPR would do little to shake your practices dramatically, but adjustments are needed.
The GDPR is more about transparency and meaningful use of data in this context. On the other hand, for individuals, it means greater control and visibility over how their data is collected, for what and how it is being being used.