General Data Protection Regulation (or GDPR as it is widely known) is a new set of standards designed to strengthen the control individuals have over their personal data.
From May 2018 it will be a legal requirement for all companies to adhere to the regulations in place, or face a heavy fine up to €20 million or 4% of a company’s global annual income (whichever is the larger amount). In short, you don’t want to be getting this wrong.
Data is everything in marketing and advertising. It gives an insight into the consumer; who they are, what they like, and what they want from a company. But in a world where “data is the new oil”, here’s a few points for marketers to bare in mind:
Under European Parliament, GDPR will protect personal data for all individuals within the European Union (EU). This includes the export of personal data outside of the EU.
Personal data can be anything relating to an individual within their private, personal, or public life. This includes names, photos, posts on social media sites, or a computer’s IP address.
A Quick Summary
The data subject (individual consumer) must explicitly opt-in to allow personal data to be processed - pre-ticked boxes, or assumption consent is given by default will not be sufficient.
Organisations will need to be specific about what will happen with the data.
A data subject has the right to withhold consent for their data to be processed, and the organisation should not stop them from using a service if they choose to do so.
The tracking of consent is mandatory. The data controller (organisation that collects the data) must know when consent was given.
Data subjects have the right to access information collected about them and a “right to explanation”, in which they can ask why an algorithmic decision was made about them.
Organisations must appoint a Data Protection Officer, who has the responsibility of ensuring the organisation is in compliance of GDPR.
3. The possibility of “slowing- down”
A couple of decades ago, data in marketing and advertising referred to simple things like demographics and response rates. Fast-forward to today, we live in an interconnected world where information is everywhere. Directing and capturing this data enables businesses to build brands, and drive development and sales.
A recent study by DataMeer found that customer analytics made up 48% of big data use in sales and marketing. This plays an important role in the prediction of customer behaviour. Marketers can target ads to an individual knowing information such as their annual salary, their internet browsing habits and loyalty data. This allows marketers to get beyond campaign execution and focus on customer relationship management (CRM).
However, with GDPR in place there is a possibility there will be a decrease in access to customer data which may “slow down” marketers and restrict their ability to target individual consumers based on personal data collected.
4. Adapt to survive
There’s no doubt that GDPR is going to shake up the digital marketing landscape. So it is important for businesses to ensure they are ready to implement the changes necessary to comply by May.
With the possibility of a slow in the progression of marketing ensure your business is ready to adapt and shift in order to tackle this. Don’t just accept it, do what you can in order to drive business development and sales. Plan ahead.
Determine if and how you will be affected. Analyse your data processes, how data is
Collected - get the specifics of your opt-in statement right
Recorded - this must be provable
Stored - privacy and safety is paramount
Retrieved - the data subject has the right to request access to data stored about them
Disclosed - you must be transparent about who you share details with and share responsibility with any third parties.
Erased - the data subject has the right to be forgotten.
The penalties for non-compliance are significant so it is important to understand and be prepared to meet the requirements. Whilst also striving to excel in business regardless of any new restrictions.
5. Don’t panic
There’s been some scaremongering around the topic of GDPR. The usual offenders, The Sun, posted a catchy headline earlier this year that read “Builders, cleaner and gardeners could face huge fines just for sending an EMAIL to drum up business thanks to draconian EU laws on data protection”.
This reads in line with their usual over exaggerations, and although GDPR is presenting business with the biggest adjustment in data protection laws since The Data Protection Act 1998, it is evident that an update was well overdue.
The individual is at the heart of GDPR, it is afterall, design to protect them. That includes me and you, and everyone you know within the EU.
With all the brilliant things that consumer data can offer the marketing and advertising industry, hackers also have nefarious motives to get their hands on this information. So it’s important to remember that it isn’t about making life difficult for businesses but in the best interest for us all.
It may be a relief to know, the first sanction is a written warning, in the case of non-intentional non-compliance.