GDPR. It’s the acronym we’ve all been hearing so much about. The General Data Protection Regulation (GDPR), is the EU’s new privacy law that went into effect May 25, 2018. It affects businesses of any size regardless of revenue or number of employees.
If you are a business that is offering goods or services to an EU resident, tracking, doing some type of online advertising and trying to target an EU resident or you have an operation in the EU, you are in scope.
If you are a service provider, and your customer is processing EU data that they send to you for you to do your magic, you also need to consider GDPR. Many customers require service providers to comply with the GDPR. The GDPR means rethinking all of our campaign strategies
What’s the impact to marketers? Privacy includes the data collected from our customers, both online and offline, how it’s being used, shared and stored. Marketers collect a lot of data and use it in a myriad of ways.
There are many compliance requirements under the GDPR. One of the biggest is that companies need a lawful basis to use data. Before being able to send that email or targeted campaign, a company has to think can I do that? Not only should they think can I do that, but should I do that?
The GDPR offers six lawful reasons, with consent and legitimate interest, being the most relevant to marketers. For consent under the GDPR, there are very specific steps including that it must be specific, informed and freely given. If companies rely on legitimate interest, there is a three-part balancing test that needs to be performed.
In the digital marketing world, there is also the ePrivacy Directive, that companies need to consider. The GDPR does get a lot of the attention, however, it’s also the ePrivacy Directive that will govern how that B2B and B2C email can be sent. It’s worth noting that the ePrivacy Directive is currently undergoing updates and will soon become the ePrivacy Regulation once approved. It’s a few years behind approval and the latest estimates say it will be in 2020.
To comply with the GDPR, companies have had to rethink marketing campaigns. This is a good thing for companies because emailing people who don’t want to hear from you is a waste of money. Privacy laws are encouraging companies to invest in more compelling campaigns using language that will engage your subscribers and encourage new ones.
When it comes to online advertising, we have all seen the cookie banners asking us for consent. There will be additional iterations of these as the Information Commissioner’s Office (ICO), the data protection regulator in the UK, and the CNIL, the data protection regulator in France, have issued guidance this summer advising how companies should capture consent. The views differ and companies will need to evaluate how cookies are used and which approach is appropriate.
Many view the privacy notice as the long boring required legal document. Instead, companies should view this as your marketing opportunity to explain to your customers why they should trust you! What are you doing with their data? The privacy notice should also be reviewed often to ensure that all new and existing marketing activities align.
Finally, marketers have to plan for how they will honor the individual rights requirements of the GDPR. There are many such as the right to delete information and the right to opt out. A core principle of the GDPR is that users can take control back of their data, especially their digital footprint. Marketers need to know where all the data is, how to honor these rights in each system, and a process put in place so employees know what to do. Companies have to comply with these requests within 30 days. It’s critical that marketers start with reviewing the operations and understand where all the data resides.
Customers don’t care how big or small companies are; they trust that you’re going to do the right thing with their data. With that trust, comes loyalty.
Ultimately, the GDPR is encouraging companies to view its customers as more than a piece of data. Privacy is good business. Build trust with each customer that continues to grow with your business.
“Are you someone I can trust?” is the question every potential customer has as they scroll through your website.
To hear more from Jodi in person, be sure to join us for Connect to Convert at the Westin Boston Waterfront, September 25-27, where Jodi will be speaking on Data Privacy and also Consumer Privacy Laws. Register Here!