For brands and businesses, customer data is everything. Whether it’s a promotional email sent to those who completed a survey on hair washing back in 2017, or a ‘Find your Dream Holiday’ campaign based on where a someone choose to go on their last mini-break, using customer data to drive leads is not just advisable, it’s necessary.
However, the way organisations use data will soon be changing. On the 25th May 2018, the EU’s GDPR (General Data Protection Regulation) will come into force across all EU member states — this still includes the UK — and will also apply to any worldwide organisations that collect data from individuals inside the EU.
The GDPR aims to give the customer more control over how their data is collected, stored and used, with hefty penalties for those who misuse data or ignore its regulations.
Failure to Comply
Organisations who ignore the new regulations will receive penalties. The maximum fine amount is €20m or up to 4% of the company’s annual turnover. For organisations like Apple, Amazon, Google or Microsoft, this figure will be far more than €20m.
Factors taken into account when determining the size of the fine include the nature and gravity of the violation, previous violations, type of data affected, efforts to mitigate the damage, degree of responsibility and willingness to cooperate with authorities.
What Does This Mean for the Marketing Industry?
Come 25th May, organisations will need to ensure their data collection, retention and storage, abide by the new regulations. For some businesses, this will involve a complete overhaul of their marketing methods, while others will only need to make minor tweaks. The new regulations will lead to some massive changes in the world of marketing. Those most affected will likely be email marketers, marketing automation specialists and PR executives, although anyone involved in customer data will need to get clued up.
The three key areas which marketers will need to address in order to meet GDPR standards are data collection, data access and data retention.
Current best practise is to allow customers to opt-in to receiving promotional material and emails, as well as actively consenting to having their data collected and shared with third parties. However, all too often, this isn’t enforced. Pre-checked boxes, lack of transparency over data-use and organisations collecting far more information than necessary, are still commonly used, albeit shady, marketing practises.
The GDPR aims to give more clarity to customers over how their data is collected, used and controlled. Under GDPR, individuals must give their consent to having their data collected, and it must be made totally clear to the person what their data will be used for. This will eradicate pre-checked forms and confusing tick boxes, while any company that wishes to share data with a third party will need to communicate this clearly with the individual, ensuring they actively consent. Instead of opt-out methods commonly used, customers will need to opt-in — actively consenting to having their data collected and stored.
This new transparency doesn’t end after the data has been collected. If the way a company chooses to use an individual’s data changes at any point after the customer has already opted in, they are required to communicate these changes to the individual — who must again, actively consent to these changes.
Businesses are no longer able to collect excessive data. Under GDPR, they must only collect data which is both necessary and relevant. Collecting unnecessary or excessive amounts of data is a breach of GDPR.
Data Storage & Use
Once an individual’s data has been collected, the business must ensure this data is safe. It should be stored securely in accordance with GDPR, with the security measures depending on the type and sensitivity of data stored. With these security measures in place, data will be protected against unauthorised processing, loss, disclosure, access, destruction and alteration. It is the responsibility of the company to ensure the data is secure, while failure to comply will constitute a breach of regulations.
Organisations are also only permitted to use personal data for legitimate and specified purposes. Any attempt to use personal data for something outside what the individual has already consented to is a breach in GDPR.
The final way GDPR will affect marketers specifically is through data retention. Organisations may only keep consumer data for as long as it is necessary to fulfil the purpose of collection. Businesses will need to set up a data retention policy and communicate this clearly with the customer. If an individual requests that their data be deleted, businesses must comply with that request and confirm the deletion to the individual.
Why GDPR is Good for Marketing
With time, we’re confident GDPR will be seen as a positive step for companies and consumers alike.
Transparency, Trust and Respect
GDPR requires total transparency between organisations and individuals. By being clear about what data is being used for what, as well as ensuring that all customers have actively consented to having their data stored and used, consumers will begin to trust both large and small organisations again — something that has been lost in recent years. Brands will be forced to communicate with their customers on an individual level, producing engaging and valuable campaigns as well as content that customers actually want. When customers trust brands and feel confident that their data won’t be misused, they are far more likely to come back for more.
Marketers will Need to Up Their Game
These changes will ensure a number of shady data collection strategies are left firmly behind in the first half of 2018. Marketers will need to think fresh and be innovative, paving the way for an often neglected world of marketing to emerge — one that relies on trust, transparency and personal interaction with customers. Spam emails sent by third party companies will hopefully become a thing of the past, meaning the far fewer emails customers do receive will be more likely to to be clicked into. When it comes to outreach marketing, less is often more, and we’re confident that organisations which comply with GDPR are going to be rewarded in the long run.
Thank you for reading and please give us a clap if you enjoyed this post!