This time marketers got famous for the wrong reasons.
After data theft accusations brought many online and data companies into the limelight, many governments reacted. International laws governing free data became correspondingly stringent.
Mark Zuckerberg, Founder and CEO of Facebook, was also not spared from legal trials, and many other companies came under scrutiny.
The European Union responded to this responsibly by announcing The General Data Protection Regulation (GDPR) (EU) 2016/679, a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. Source: Wikipedia
GDPR is effective from 25th May 2018 onward.
This article will not only summarize GDPR but also educate you about ethical and legal marketing tactics that a marketer can use to know more about the prospect. It will also introduce inbound marketing tactics that can be used to seek the personal data of prospects and customers with permission.
GDPR and its effect on Marketing
GDPR will largely affect marketers who work with customers and audiences in the EU territory. This law requires marketers to take permission from users before asking for information. The terms and conditions should explicitly state and make the user or customer aware of how the personal information will be retrieved and used.
This means opt-out would not be an option for the marketer but a mandatory choice offered to the user. This indicates that the responsibility to explain why the user should opt in remains with the organization or marketer collecting any such information.
1. GDPR and Email
Yes, you need to re-send an opt-in request for your emails to your entire list of existing users. It may be overwhelming for organizations that have not done this in the past. However, legally, emails are subject to another regulation, the Privacy and Electronic Communications Regulations (‘PECR’).
2. GDPR and Customer profiling
GDPR has severely affected efficient customer profiling. Individuals’ habits or personal data that may result in a decision that would impact their life could be a lot harder to get. Any such information drawn using intrusive methods is not compliant with the law. However, the use of anonymous data that explains sales trends and patterns is permissible.
3. GDPR and Direct mail
If there is a legitimate reason, a marketer can use the information of direct mail to communicate. Such information can be kept for two years and not more than that for commercial use.
4. You may also want to know what ‘Privacy Shield’ is.
‘Privacy Shield’ is equivalent legislation to GDPR in the United States of America. Privacy Shield is an agreement between the EU and the USA that governs how data is managed and handled by companies in the US.
You can also read the legal guide to GDPR.
Why should you be GDPR compliant?
There are obvious legal compulsions that compel your organization to be GDPR compliant. But, here are a few other reasons.
There is a lower level of fine, up to €10 million or 2% of the company’s global annual turnover, and a higher level of fine, up to €20 million or 4% of the company’s global annual turnover.
ROI, response rate.
While the law requires you to once again seek the permission of your subscribers to hold on to personal data, there is a positive side to it. Through this process, your email lists may shrink drastically due to opt-outs. However, the eventual effect would be an increase in the quality of the list. The higher relevance would help increase open and response rates, and also your Return on Investment (ROI).
How can Inbound Marketing help you in being GDPR compliant?
Inbound marketing is a process of encouraging a prospect or lead to provide an email ID and other personal information voluntarily. This means that you are seeking permission and you are being offered personal information with the full consent of the user.
Gated Content, free consultation, demo, and drip tutorial are some of the means used by an inbound marketer to seek user information. Inbound marketing services help you design a campaign using more such tools and techniques to seek information.
We will take you through the different stages of inbound marketing and how you can stay compliant while extracting personal data and still continue your marketing activities.
Forms & True Data
Inbound marketing allows you to collect data on people with permission. However, with GDPR, you will need to specify why this data is being collected and how it will be used in the future. At the same time, you also need to provide an option to opt out of it.
You need to be specific about what information you seek from the user or data subject. The data collected should be relevant and purposeful to the interactions or activities that follow the submission of such data.
Data Storage and Processing
As mentioned earlier, the purpose of and reasons for data utilization must be stated and communicated to those who are sharing their data with marketers. Also, the utilization has to be within the legitimate scope stated by the law.
It is the responsibility of the marketer or organization that is collecting the data to keep it safe. The data collector needs to take the necessary technical and organizational measures to ensure that there is no misuse, theft, or misappropriation of the data and that the user’s confidentiality and anonymity are not compromised.
Even when a third party is involved in collecting or using the data, the organization that has directed it, or on whose behalf the data is being used, needs to take complete responsibility for the data and for GDPR compliance.
How to be GDPR compliant?
Now, it is your turn to be GDPR compliant.
1. Access and Audit
Investigate all your data sources and audit to find out if any of them hold the personal data of consumers. Though you may not be in the business of handling business data, you need to run this exercise. This could mean that you are a SaaS business or any such business holding data on behalf of your client.
Once you identify the sources and data, seek the permission of those individuals to hold such information, and make them cognizant that you are using their data to directly or indirectly store, process, or report that information. This includes databases, servers, emails, or any other application.
3. Data Reporting & Data Processing
Both types of organizations deal with personal data — reporting as well as processing companies. In both cases, companies need to adhere to GDPR.
This just reminds us to rely on ethical processes while exploring different means to get closer to our audience. As much as it is exciting to know more about the consumer, it is an equal responsibility to stay righteous in respecting privacy and protecting the honor of your consumers.