We pay our bills, send emails, pay our taxes, transfer documents and more all through the internet - sharing our personal details, often without a second thought.
When we sign up for social media, request a report from a website or even order our shopping online, we hand over a wealth of information. Yet, many have little understanding of what this data is used for, and whether that company really needs it.
For this reason, in May 2018, the European Union will be introducing GDPR, new privacy regulations that will change the way organisations collect, store and use their customer data.
With GDPR coming into action early next year - we’ve been exploring the impact that this could have on our clients and the organisations they work with.
Why should you care?
Aside from the ethical implications of using your customers’ data responsibly, failing to comply with GDPR could land you a heavy fine of up to 4% of global turnover or €20 million, if you’re found in breach.
With less than a year to go until GDPR comes into action, 95% of IT professionals in the UK still feel that they aren’t fully prepared for the deadline. However, 40% have said that they are beginning to get ready for the legislation's enforcement. So, with this in mind, we’ve put together some pointers to help you prepare.
You need to be prepared
It’s important that you audit your data by asking yourself the following questions, and checking if it does break any rules.
- What are you using the data for?
- Where is the data being stored?
- Do you still need the data?
It is also worth working through the below checklist -
- Run a re-permissioning email campaign for current contacts.
- Make sure you activate an opt-in button.
- Make sure the cookies are on opt-in before you start using them for that contact.
- Create a well thought out system to ensure you collect the right data for when new contacts opt in to the contact list.
If you want to know more, UKFast have an indepth guide on preparing for the GDPR.
What about the information you already hold?
When GDPR comes into action, in order to use existing data, marketers will need a fully documented permission train. A recent study suggests this will render up to three-quarters of customer data on marketing databases useless in the UK.
To use this data, you will need to run a re-permissioning campaign. If you use a CRM system, hold an email marketing list or use social media for marketing, you will need to ask them again for their permission to use their data.
Giving control back to the user
In everything that we collect data for as a business, provable consent must be explicitly given to the organisation or person collecting the data before it can be processed.
Not only this, but the data collected must only be used for the purpose consent has been given. It must be relevant to their enquiry or necessary for the service they are requesting.
For example, if someone contacts your business through your website via email, you don’t automatically have the right to add their details to an email marketing list.
A key thing about GDPR is that control is coming back to the user. This means email sign-ups must have opt-ins, rather than opt-outs, and there should be no pre-ticking. It’s about being transparent about how you handle data.
If your company suffers a data breach you must be transparent about this too - so it’s worth thinking about upping your security.
What could this mean for the future?
Using Selesti as an example - as an agency, we will no longer be able to simply add emails to our CRM and target them with newsletters, unless we ask the user to opt in for this.
Also, some traditional business development practices, such as mining Linkedin for email addresses, will no longer be allowed. So we should think carefully about creative and compliant ways to do this.
It poses a real marketing challenge - because now, if you have a newsletter, you must ask the user to opt in - so companies will need to focus more on how they sell-in a newsletter. Rather than just having one, you’ll need to think carefully about what extra benefit this brings to the user.
While GDPR will cause headaches, it presents an opportunity for a return to creative marketing and increased trust between marketer and consumer or client - which is actually pretty exciting.