As the world campaigns for more effective data and privacy protection rights, the stage is perfectly set for the implementation of the General Data Protection Regulation (GDPR) come May 25, 2018 in EU. It is a legislation that aims to standardize digital privacy standards and regulate the way personal data is circulated in the digital world, across member states.
The Basics You Need to Know
From the sound of it, it seems that the introduction of GDPR will radically change the mechanics of the marketing enterprise. But before we consider that, let us gain working knowledge of the main attributes of GDPR:
- GDPR seeks to control how businesses source data from potential customers and how they use it. But the underlying principle is that web users should also have significant control over the data they share with companies.
- The purview of GDPR implementation goes beyond enterprises operating within the EU. The legislation applies to all entities using the data of EU citizens, which brings a wider pool of organizations into the GDPR’s ambit.
- The consequences of non-compliance are not paltry by any yardstick. Businesses that default on GDPR requisites may have to pay up to 4% of their turnover or €20 million as a penalty. Such heavy penalty demands close attention to GDPR compliance.
It is easy to surmise that GDPR cannot be taken lightly. It is well-positioned to transform modern marketing strategies.
The Areas of Impact in Marketing
Contemporary digital marketing practices are guilty of using users’ data in a somewhat arbitrary and opaque fashion. However, the GDPR restrictions will heavily impact how user data is sourced and used in the following ways:
The GDPR stipulates that data controllers need users’ ‘explicit’ consent before using their personal data. The term ‘explicit’ denotes that the consent is ‘freely given, specific, informed, and unambiguous’, confirmed by a ‘clear affirmative action’.
- Email marketing will be heavily impacted. At the time that they provide their contact details, users must confirm that they proactively desire to be contacted by the business for promotional or other purposes.
- ‘Refer a Friend’ programmes will have to be designed such that the individual referred only receives a notification of their referral. No other content can be shared with them unless they opt-in for such contact themselves.
- Web users’ data cannot be shared with any third-party vendor without their permission and explicit agreement of the same.
As highlighted previously, the central concern of the GDPR legislation is to provide users with the digital capital to control the data they have shared with companies. They have the right to access the information they have shared, edit or delete it, and receive notification of any data breach within 72 hours.
- Marketing campaigns will need to be engaging and intelligently paced. Daily emails and updates may cause users to withdraw consent to be contacted by the entity.
- Companies will have to upgrade their existing digital paraphernalia to allow users the ability to access, edit, and delete their data, when and if required.
- Data breaches of any scale will need to be exposed to users and addressed in a timely fashion. Such transparency and rapid communication is something companies will need to be well-prepared for.
GDPR also incorporates concerns about the relevance of data collection since in many cases, the data collected by companies is not of immediate relevance to their product or service. GDPR stipulates that businesses focus on “need to have” data and eliminate the collection of “good to have” information.
- Marketers will need to reexamine the rationale for collecting the data they ask of web users. It would be a good practice to cull-out and relinquish access to information that is not directly relevant to their business.
- Since GDPR allows a “legitimate interest precedent” for direct marketing, it would be possible to pursue email marketing on an unsubscribe/opt-out basis. Marketers will need to evolve systems to ascertain user interest so as to send users’ promotional content while not violating GDPR clauses.
How to Prepare for GDPR
As is evident from the above, navigating through the GDPR quagmire will require planning and preparation. Businesses that rely heavily on email and digital marketing to promote their businesses need to act and strategize to ensure compliance to GDPR legislation. Here are some ways in which businesses and marketers can prepare for GDPR:
- Know thy GDPR: Delve deep into the GDPR legislation so that you know what’s in store. Raise internal awareness and share the “must know” information with all involved stakeholders.
- Review Away: Review the current practices of your organization to identify the key areas that need to change for GDPR compliance.
- Plan for Change: Begin modifying your current digital set-up to make it GDPR compliant and begin developing platforms that allows users data control.
- Brainstorm: Think of digital marketing strategies beside email marketing to ensure that your user base is not compromised by GDPR implementation.
- Change Data Focus: Consider leveraging other sources of data other than web users. For instance, company-level data will allow you to optimize marketing efforts based on industry.
The bottom line is, businesses cannot ignore the impending implementation of GDPR as a legislative roadblock, and need to modify their approach to engaging with users and be more personalized and relevant.