With General Data Protection Regulation (GDPR) coming into force in May 2018, and with two out of five London-based SMEs never having heard of GDPR, we take a look into what this new online privacy regulation means and in particular how this will impact work in digital marketing campaigns.
What is GDPR?
GDPR is the EU’s new legal framework for data protection laws and replaces the UK’s 1998 Data Protection Act across all data you may have collected or bought – whether it’s digital or not. The regulation is being introduced to improve and simplify data protection for EU citizens, residents and businesses. The overarching aim is to strengthen individual rights and to create transparency. It will ensure that all web users are aware of (and can control) what personal data they share. Simply put, we are moving from an “opt-out” world to an “opt-in” world.
But what about Brexit? Well, as GDPR is an EU regulation and not a directive, issues of Brexit do not come into play here for now – the regulation will simply be introduced automatically on 25th May 2018.
The six top-level areas that the GDPR covers are:
Right to Access: Data controllers will have to be able to provide a free copy of an individual’s data they hold if requested.
Right to Erasure: Individuals have more control for their data to be completely deleted.
Data Portability: Individuals will be able to access their data in ‘an electronic format’ which they can transfer to a different data controller.
Data Breach Notification: Customers and data controllers must be notified of data breaches within 72 hours.
Privacy by Design: Data compliance and protection must be tackled from the start when designing new systems
Data Protection Officers: As the name suggests, certain companies using data processing and monitoring e.g. public authorities, must appoint a data protection officer.
So what does this mean for marketers?
GDPR should not be ignored by marketers. Other than the hefty fines which come with non-compliance (up to €20 million or 4% of a company’s annual turnover) GDPR also affects marketing in three crucial areas:
Opt-in, opt-out & Consent. This means that ‘implied consent’ or ‘soft opt-in’ e.g. ‘uncheck this box if you don’t want to receive…’ will no longer be a legal option. Under GDPR, consent must be ‘freely given, specific, informed and unambiguous’. This means companies now cannot simply assume consent and cannot continue with techniques such as pre-ticked boxes.
Right to Erasure / Right to be Forgotten. As this is designed to give individuals more control on how their data is used, companies will have to know what data they possess and communicate to individuals how they can request to have this data removed.
Third-Party Compliance. For many marketers, third party tools and marketing techniques make up the bulk of their data collection. This means that companies will need to check third parties are GDPR compliant.
- Ensure there is a point of contact from both sides and have plans in place for any data breach
- Ensure the collection of ‘only necessary’ data
- Be sure it is possible to delete data once it is no longer needed.
While GDPR can be seen as a measure to further impose restrictions, marketers can benefit from this regulation. On one hand, it amounts to more control but it also helps to steer away from collecting masses of data which may be of no use, and pushes for more relevant and targeted data collection. Given that 42% of B2B marketers see a lack of quality data as the single biggest barrier to lead generation – coupled with the fact that 51% of email marketers feel the same – the positive implications become clearer. An important point to take away from this change in regulation is to establish a best practice routine when it comes to data collection.
But more significantly, GDPR presents the chance to build consumer trust. If consumers feel they can trust brands more to protect and use their data wisely then they may offer up more data, which means stronger insights to fuel creative ideas and ultimately results in more opportunities for marketers.15.11.17 Archive