GDPR: What you need to know
Posted: February 27th 2018
Coming into force on the 25th of May this year, the new GDPR (or General Data Protection Regulation) is going to shake up a few things when it comes to digital marketing. It's one of those important topics that everyone is aware of yet no one knows too much about, and that's enough to worry any business owner. If you're well-prepared, though, there's no need to be concerned. It actually provides a great opportunity to take control of the way you market your business and stop wasting time (and money!) on people who aren't interested in your services.
What is the purpose of GDPR?
The aim of this regulation is to protect all citizens in the EU from data breaches and infringements of privacy. Therefore, it will give the public more protection and rights to their information. It has been introduced to replace the 1995 EU Data Protection Directive, which has now become outdated due to how data-driven the modern world has become.
The new law ensures that every person in the EU has the right to know exactly how their personal information is being used, and also has the right to have it erased completely should they wish. The data covered by the law is basically anything that can identify a person, whether it's their name, their address, their phone number, their IP address - the list goes on. When you think of the amount of spammy e-mails and phone calls so many of us receive on a day-to-day basis, it's a completely understandable step.
What do we need to do?
There are various steps businesses can take to prepare themselves for the new regulation. The main one is to sort through any personal data your business obtains, consider how you're handling it and make sure that each individual whose information you use has confirmed that they are happy to be on your database and receive marketing material from you. This can be done by sending out e-mails with tick-boxes (which is proving a popular method for many organisations), over the phone or through the post.
As well as managing the data you have collected over the years, you need to put a system in place to ensure any data you obtain in the future is completely compliant with the GDPR. No matter how you gather data, you need to make sure security is at the forefront of your method. The consent of an individual must be completely transparent - an affirmative action made by a person to consciously agree for their data to be used. Currently, many organisations use pre-ticked boxes or the promise of a return (e.g. entrance into a contest or a voucher of some kind - something they might benefit from) to ensure they have a high chance of obtaining the data. This is no longer permitted. To prove you're always compliant, it is sensible to keep a record whenever consent to data use is given.
Further to the gathering and handling of your organisation's data, don't forget to make your team aware of the new regulation - specifically your data protection, marketing and sales departments. After May 25th, it will no longer be legal to make cold calls from data lists that do not comply with the regulations, to send e-mail marketing campaigns to those who have not actively opted in, or to use lists of data that may not be compliant on social media.
Who needs to be aware?
Basically, all businesses should make themselves aware of the new regulation, along with anyone who handles potentially sensitive personal data on behalf of a business. It is stated that the new guidelines will affect both data 'controllers' and 'processors'. Data controllers can be classified as those who determine how the data they have is used, and what it is used for - this will generally be business directors or managers. A data processor is anyone outside of the data controller's company who handles and uses this data on behalf of the data controller. This, for example, could be a company like us. We handle email address lists to be used for various marketing campaigns for our clients, and each of these lists is going to be cleansed and made completely compliant before the law comes into force in May. If they are not, we could run the risk of breaching the law and being fined.
How will the GDPR affect our businesses?
It is important to remember that these regulations are not being put in place to punish businesses. If you're handling your data in a fair and ethical way, you shouldn't have to make many changes. The GDPR law aims to protect the general public, whilst ensuring best practice amongst companies that handle and utilise data. If anything, it will have a positive impact on businesses. While many of us are always aware of how we treat our audience, some companies aren't so thoughtful. The new law can only make improvements in this respect, urging all businesses to only carry out marketing activities that are useful and meaningful to those they're targeted at.
Once the regulation comes into place, not only will marketing be more streamlined, but companies will be more accountable for the data they hold on people. Better security precautions must be put in place to ensure that any leaks or breaches result in as little damage as possible. If there is a breach, GDPR states that it MUST be reported to the country's data protection regulator, which is the Information Commissioner's Office in the UK, within 72 hours. This is so that a log is made of the breach, and people affected by it can be informed as soon as possible. The fines for breaching the GDPR can be staggering (up to £17 million, or 4% of a company's turnover), so it is vital to prepare early.
All in all, it's a positive change!
On the whole, while there's plenty to think about to ensure you are compliant, this new law is a positive movement for businesses. There's no point in spending your marketing budget on people who are not interested in your products or services, and this law will ensure those people are eliminated and your audiences are focused on the right people. Keeping your customers happy - and avoiding annoying them with spammy or unwanted messages - will always benefit you in the long run. Don't be afraid of the GDPR. Embrace it and see how you can use it in your favour!