GDPR. Unless you’ve had your head under the duvet for at least a year, you can’t fail to have heard of it. There’s certainly no shortage of available material in the public domain.
But take your views from the majority of it and you’d be forgiven for wanting to retreat straight back under the covers to get away from the Gloom, Doom, Pessimism and Risk.
Done right, the General Data Protection Regulation gives you the opportunity to reach for the stars. But you won’t do that by hibernating and hoping for the best.
To help redress the balance – and to empower you with the relevant information to ensure compliance – we’ve highlighted some need-to-know facts and positive changes for marketers and business owners alike.
GDPR – The basics in brief
You’re probably aware of the basic details. But to refresh your memory we’ve summarised them in layman’s terms.
- The aim of GDPR is to give EU citizens greater control over their data – so if you hold personal data of customers, leads or employees in the EU, it applies to you
- GDPR comes into play on 25 May 2018 and Brexit isn’t a get-out clause – it will still apply, even after we depart the EU
- The fines for non-compliance aren’t to be sniffed at – up to €20m or 4% of your annual turnover – so getting it right is important for the health of your business
There’s no getting away from the fact that the new rules are complex, but they give you the opportunity to manage data efficiently and effectively – and by doing that you’ll build trust in your brand and boost your profits.
The consent conundrum
One of the main changes introduced by GDPR relates to consent, which is a particular bugbear for marketing departments. Gone are the days of contacting leads or customers who have neglected to tick an opt-out box. Under the new regulations, prospects have to:
- Tick a box to indicate that they want to hear from you
- Confirm that they do via a link in a further email
This is known as the double opt-in.
A further point. You’re not allowed to show these options next to your terms and conditions. They have to be clearly presented as a standalone section to prevent any possibility of misunderstanding. (For further details, check out what the ICO has to say on consent.)
In reality, this stringency can only be a positive thing for marketing. While you may be communicating with fewer people, those individuals will genuinely want to hear from you. Which is good news for your customer engagement levels and conversion rates.
The devil’s in the data
If you’ve been poring over the finer points of GDPR legislation, floundering over the difference between a data controller and a data processor and trying to work out whether you need a data protection officer – we’re here to make things more straightforward. (Though for a technical insight, we’d recommend this ICO download.)
Under GDPR, the definition of what counts as personal data has widened. There are now all sorts of identifying factors – including data that tracks online behavior and social media posts.
Broadly speaking though, the new rules can be broken down as follows:
- Know what data you have and why
- Have the right systems in place to manage it
- Know who’s responsible for your data (and make sure they know too!)
- Encrypt anything that shouldn’t be disclosed
- Get everyone on board, building from the bottom up
- Plan out precisely what you’ll do if there is a breach
This may sound like lots of groundwork, but it’s definitely worth putting the hours in now – and not just to avoid those business-breaking fines. In fact, when you’re meticulous about data handling, you’ll operate more efficiently and effectively. (If you’re looking for some further reading on this point, the ICO has a succinct summary of GDPR principles.)
The right to be forgotten
Under GDPR, customers have the right to have their personal data erased from your business. This ‘right to be forgotten’ has provoked much discussion. (Though if you find yourself tempted to bring it up – or discuss your organisation’s approach to privacy by design – when chatting to your friends, you probably don’t need to be reading this blog!)
As long as you know where all your data is – see above – this shouldn’t be an issue. However, if you hold data in more than one database, you’ll need to work out how to collate it.
Again though, this level of data efficiency brings its benefits. Everything is at your fingertips and you’ll have the power to be targeted and efficient in the way you communicate with those customers who don’t want you to erase their data.
Your ticket to building trust
Yes, the new rules require businesses large and small to transform the way they handle data. However, this is an opportunity for you to demonstrate to both current customers and your target audience that you take their privacy seriously – and that you’re responsible with their data.
Get it right, and you’ll build trust and set your business apart from the competition, exceeding your customers’ expectations and delivering a service that’s efficient and effective.
So, what are you waiting for? Say so long to Gloom and Doom and hello to Gladness, Determination, Positivity and Reward.