Successful marketing activity rests on the collection of useful personal data. From engaging in email marketing to using Google Analytics to track visitor activity on your website, marketers must change their approach to data gathering and processing, and start implementing the changes necessary to comply with a rather important new law.
The EU’s General Data Protection Regulation (GDPR) comes into force on 25th May 2018. This affects how businesses and organisations in the EU – or working with those inside the EU – use and manage personal data. There are few businesses out there today which do not use personal data in some capacity, whether it be client data, supplier data or employee data.
But data, and the clever use of data, is everything for marketers. Data is insight. Data allows marketing companies to drive sales and source leads. The GDPR will have an impact on a marketing company’s ability to use personal data to target specific consumers.
The ICO have created a 12 step plan, which you can find in full here.
Image credit: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
- Consent and the ‘right to be forgotten’
The crux is consent. Consent must be obtained before a company can use someone’s personal data. According to the GDPR guidelines, consent should be ‘freely given, specific, informed, and unambiguous’. The ‘data subject’ must actively give consent for their personal data to be used. In other words, opt in boxes should not be pre-ticked – the data subject must choose to tick the box. And if you want to use an individual’s personal data for more than one purpose, you must make this clear, and get consent each time. If consent is given, you must then make a record of when consent was given, and always make it easy for the data subject to unsubscribe or opt out at any time.
The ‘right to be forgotten’ is another salient feature of GDPR. This will give individuals the right to ask companies to erase their data at any time. This follows a key aim of GDPR: to give individuals more control over how their personal data is used and for how long it can be used.
- ‘Legitimate interest’
The concept of legitimate interest and what it will mean in practice is nebulous at best. The GDPR states that the ‘processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest’. This doesn’t mean that marketers don’t need to obtain consent, it means there may be a ‘legal basis for processing’ personal data in certain circumstances.
For legitimate interest to be a justifiable defence, the interests of the company cannot outweigh the fundamental freedoms and privacy rights of an individual (the data subject). There could be legitimate interest if, for example, there already exists a relationship between the data controller and the data subject, ‘such as where the data subject is a client or in the service of the controller’ or ‘for the purposes of preventing fraud’. But the data controller must be able to prove legitimate interest.
- GDPR and email marketing
You will need to ‘repermission’ everyone on your current email contacts list. This means sending an email to each contact giving them the option to opt in. If a contact opts in (by ticking a box), only then will you be able to send them email marketing. You will need to be specific and unequivocally state what will happen with their personal data, and for purposes of accountability, you must make a record of when the customer opted in. Again, you must always make it easy for contacts to unsubscribe/opt out.
Our advice? Start getting consent from email marketing contacts now. Don’t wait for the deadline to come. This will almost certainly result in the shrinking in size of your email marketing contacts database, but why does that matter? Those who remain on the list will have chosen to be there, which means you can expect a greater level of engagement when you market to them.
- GDPR and remarketing
- GDPR and Google Analytics
Some cookies simply exist to enable certain functionalities within the website to enhance user experience. These cookies have nothing to do with marketing, so we don’t believe this type of cookie is relevant to GDPR. GDPR rules only apply if a cookie is being used for marketing purposes, and marketers will need to get consent from the website visitor in the usual way.
- GDPR: a reason to panic or be positive?
Even though the UK intends to break away from the EU, GDPR will remain relevant for any companies which do business with customers based in the EU. Failure to comply may result in heavy fines. Fines may amount to 4% of global annual turnover or €20 million, or €10 million or 2% of global annual turnover, whichever is greater. Such a fine could drive some marketing companies out of business altogether, but it’s important not to succumb to scaremongering. Companies will face a warning first and be instructed to make changes to the way in which they collect and process personal data. A fine is a last resort.
Marketers can look with a positive eye on GDPR. Though a certain amount of disruption is inevitable, poor quality contact data is, generally speaking, an annoyance for marketers. The inclusion of poor quality data in any digital marketing campaign can negatively affect lead generation results, open rates and click-through-rates.
- New data protection laws are timely
An upgrade of UK data protection laws is long overdue. So instead of viewing GDPR as an inconvenient, disruptive or draconian development, it’s in the best interests of all marketing companies to make the necessary changes (how consumer data is collected and processed, how data is managed etc) and embrace them.
It should be the nature of marketing companies to continually strive to be ahead of the curve, to be energised and pioneering, and to be an advocate for the lawful gathering and processing of personal data. If every marketing company adopts the same enterprising approach to achieving full compliance with the new standards set by the GDPR, then they can expect to shine.
Tags: B2B Services
, Data Analytics
, Professional Services