What is GDPR?
GDPR, or the General Data Protection Regulation, is a new privacy regulation that is going to be enforced in May 2018. It is applied by the European Union (EU) but has a great impact on marketers worldwide.
In this article, I am going to explain how organizations running digital marketing can prepare for GDPR compliance, how this regulation will impact your marketing strategy, and what your plan & action points should be to prepare your company for GDPR.
Though this comprehensive data privacy law comes from the EU, it applies to organizations of all sizes, regardless of where you do business or where you are right now.
Why is GDPR Important to All Marketers?
GDPR is basically a European law that protects an individual’s right to their personal data. While the regulation was passed in April 2016, it’s going to be effective from May 25, 2018.
You may think: I am a marketer who happens not to be in Europe, so what does it have to do with me? While GDPR is applied to protect Europeans’ personal data, it can be enforced, with some large fines & fees, against any company or individual professional anywhere in the world that happens to deal with the personal data of anyone inside the borders of the EU.
These fines can be 20 million euros or 4% of your annual turnover, whichever is greater in value. GDPR also broadens the definition of personal data: apart from Personally Identifiable Information (PII), it also includes cookies or anonymous IDs.
So think about it: if you have a website and anyone from inside the EU visits your site while you have an advanced tracking solution or analytics on it, GDPR still applies to you.
Forrester Research has predicted that 80% of companies will fail to comply with GDPR in 2018.
As today’s marketers, we also have to collect and store personal data for our own needs. After GDPR, we just have to take some extra steps to be compliant with it. GDPR applies to your vendors and technology partners, such as agencies, as well. If you are using any digital marketing technology solution that allows targeting with digital ads, you will be responsible for protecting people’s personal data.
GDPR is going to be a big thing. Even though it’s just for the EU, every other country will adopt it pretty soon. The recent Cambridge Analytica scandal at Facebook also reminds everyone how vulnerable our data is to digital advertisers. It’s time to wake up your organization and get ready to be fully compliant with GDPR.
Raising Awareness in Organization
GDPR doesn’t just apply to marketers and how they collect and use people’s data. It involves multiple functions of the organization, and if any one of them fails, the consequences fall upon the whole company.
There must be an organization-wide change in mindset about how personal information is used from now on. It’s not just about tweaking your legal information and sharing a new privacy policy on your site.
- HR has to look into how employee data is being used and how prospective candidates’ data is collected & utilized.
- Agencies need to use the new mechanism to get consent from customers for their personal data, and to give individuals an option to edit or delete their data.
- Any new development of tech & marketing assets needs to be compliant with GDPR from the design process onward.
- The operations team needs to have a process in the system so they can communicate about any data breach within 72 hours.
- The leadership team needs to check whether any specific data protection system is required within their company.
- Marketers need to think about how they are going to get consent from their consumers to do almost everything, from anonymously tracking website behavior to targeting specific attributes like Interest or Affinity.
Processing Personal Information
Unlike before, the consumer is going to be in full charge of their information after GDPR. If you’re skeptical about getting the data for your business as a marketer, there are some methods you must apply to collect & process personal data.
The days of just getting implied consent from the user by the old method are over
Forget about getting the information by saying: by visiting my website or the app, you are agreeing to everything that I wrote in a tiny font on my privacy policy page. Instead, you need to get explicit consent from the consumer, using plain language, every time you intend to do something with their data. You also need to have a system in place that allows your customers to remove or edit their data anytime they want.
If that doesn’t apply in your situation, you need to get a consent known as legitimate interest. That means you are collecting and using this data for a very logical reason and it doesn’t contain any sensitive information about your customer.
As marketers, we actually have to stop some of the ways we have been collecting data and re-examine our approach to the traditional methods of marketing.
You can go through all of the articles of GDPR here to fully understand what you can do & what you cannot do with the information. You will also understand the right way to work with consumers’ data from now on, and learn how consent is moving from your hands to people’s hands. It will help you when you are running online/offline marketing for your business, and show you what processes you need to establish to ensure full compliance with consumers’ data.
Management of Consent
As I said before, the old ways of collecting data are over. Under GDPR, you can’t just use implied consent like: By visiting my website, you’re agreeing to my terms. You have to get explicit consent to be compliant with GDPR.
- To get the consent, you need to place the request in plain & understandable language, where it can’t be confused with any other element.
- Hiding this consent in a 20-page legal document or using pre-checked boxes is also not compliant.
- If you have any tracking system in your site or app, you have to get separate consent for that too.
- If you are running a new campaign with your consumers’ historical data, get consent again.
- Children under 16 can’t give consent alone without their parent’s permission.
- If they decline to give you their consent, you need to stop processing their personal information for any marketing activities. Plus, there should be a system so they can withdraw it by themselves.
So whatever you try to do for obtaining, storing & using your target market’s information, you actually have to spend some time, effort & probably money to get your process GDPR compliant.
Designing a Privacy-Compliant System & Handling Data Breaches
From now on, every marketer needs to think twice about designing a website or marketing asset for the customers. Privacy by design already existed. But now, it’s imposed by the law of GDPR.
As a digital marketer, you now have to ensure that you build in safeguards for any personal data before you build the actual system. You also need to be compliant about what you’re going to use your data for. Previously, you may have obtained your customers’ data without any planning, or for further use in multiple activities. Now you need to communicate to your customers what you are going to do with their data & what type of data is used for which activities.
So when designing a new marketing asset or campaign, you will not be able to process any data that is not necessary for your specific task, even if you have it. The good news is that if you are already following privacy by design as an initial approach, you are already ahead in the compliance game. You need to keep an eye on the system so users can edit, modify and delete their data in a simple manner. Ensuring privacy by design will not just reduce your future costs; it will also give you a compliant system that is trusted by the authorities & consumers, boosting your business reputation.
That said, you also need to report any privacy breach to your consumers within the shortest possible time. According to the new law, that is within 72 hours. Securing the privacy of your users is now just as important as securing your website’s technical stuff.
These are not the only things you need to look after to become fully GDPR compliant. You may have to appoint a Data Protection Officer in your organization and audit your data and processes to see how information has been collected & used until now. You may also consider external help from consultants, legal professionals & experienced marketers to learn & apply the new processes in your organization.
Tech giants like Google are already changing their ads data protection terms, which cover Google Analytics (GA), Attribution, Optimize, Tag Manager and Data Studio, along with multiple product changes. They have started to notify their stakeholders about the changes that will come after GDPR.
New Marketing Opportunity
So what happened in the early days of the internet? Think about when websites were running different scripts & using cookies, which made people uncomfortable, and then people started to block them using ad blockers or by changing the settings in their browsers.
Then came a change in trade-offs. Tech companies started to use convenience as a new way of using cookies & scripts. Now you can have a superior user experience if you do not log out from your app. Your favorite sites remember your preferences, and you do not have to re-enter your billing information for an online purchase. You’re getting an optimized experience across platforms & devices.
At what cost? By letting companies use your information in any way possible. You are being marketed to, or even influenced by, products and services that may not be an immediate need. They are changing your opinion about a certain product through superior content marketing. GDPR changes that.
How is it an opportunity, then? Now marketers & organizations will have to come up with new ways to get consent from consumers. My prediction is that more convenient options & better user experiences will emerge for getting consent for a specific service and a specific task. The more permission consumers provide to the controller, the more services companies can offer them. This is a perfect time to focus on your action points about privacy and how you can harness them to get more users’ authentic consent, provide superior value & build trust among them.
If you wish to know more about GDPR & have a discussion, feel free to contact me.