The EU General Data Protection Regulation (GDPR) comes into effect on 25 May 2018.
Although we have had two years’ notice of the deadline, few businesses are fully aware of the new rules and even fewer are prepared. Unlike other regulations which have given a grace period for compliance, any new processes must be in place by the date that GDPR is enforced, that is 25 May 2018.
There are three ways in which the different aspects of GDPR will affect the most common marketing activities.
These can be broadly grouped into consent, data access and data relevance.
Prefer to get all this information to read later? Download everything in one pdf:
GDPR seeks to put individuals in control of their personal data
The new regulations empower a person to choose whether and how firms use their data. It aims to protect individuals regardless of where they are or how that data is stored.
Consent is about how you manage the specific opt-in requirement for people who request to receive promotional material from you.
Under GDPR, you can’t assume that they want to be contacted by you – at all. Each individual needs to express consent in a ‘freely given, specific, informed, and unambiguous’ way, which is reinforced by a ‘clear affirmative action’.
Leads, customers, and anyone else you contact need to confirm that they want to be contacted by you. You must have actively sought (and not assumed) permission from your prospects and customers, confirming they want to be contacted, and store that permission.
A pre-ticked box that automatically opts them in won’t be permitted, they will have to elect to receive content.
2. Data Access
The introduction of GDPR offers individuals a method to control how their data is collected and used, including the ability to review and/or remove it.
Known as the ‘right to be forgotten’, it has become one of the most talked about aspects of GDPR due to its far reaching implications. It gives individuals the right to have outdated or inaccurate personal removed and has already been implemented by Google, who was forced to remove pages from its search engine results in order to comply.
Every holder or processor of data must make sure that subjects can easily access their data and remove consent for its use.
Practically, this be achieved with an unsubscribe link in your email marketing template and linking to a user profile that allows users to manage their email preferences. You must then ensure that all copies of the data are then also removed.
3. Data Relevance
If you have collected and stored more data than you actually need in order to fulfil your business transaction or relationship with a customer, this aspect of the regulations will impact you.
GDPR requires you to legally justify the processing of every aspect of the personally identifiable data you collect.
For every piece of personal data you request, you must be able to prove why you need it.
Otherwise, avoid collecting any unnecessary data and stick with the basic pieces needed in order to fulfil your obligations to the customer.
Can we help?
Request a free consultation
We are always happy to explain the tremendous opportunity inbound marketing represents to businesses like yours, and how effective it is in generating qualified leads that turn into customers. If you’re curious, reach out and we’ll set up a time to talk. It’s completely free and without any obligation on your part.