Whether you’re in the business of marketing, or you’re simply looking to market your products, you’ll have probably heard of GDPR by now. And if you haven’t and are struggling with yet another marketing acronym, GDPR refers to the General Data Protection Regulation. But either way you need to know more. Much more. Don’t worry we’re not going to go banging on for hours about it – we value brevity too – but, if your organisation possesses or processes data referring to a specific, identifiable person and contacts that person, or tracks their engagement for the purpose of profiling – well, then this affects you. So that’s pretty much every one of us. And without meaning to panic you, the cost implications of failing to comply – well, they could be really quite hefty! Up to €20 million to be exact.
So, what exactly is GDPR, and what does it mean?
GDPR comes into effect on May 25, 2018. At the heart of this new regulation lies the requirement to be able to prove you have opt-in, fully informed consent to use the information, the right for those whose data you collect to have transparency and the right for them to be completely forgotten altogether.
That’s going to be challenging for all of us, but we firmly believe this is long overdue, and a key to bringing 1995’s data protection rules into the age of the cloud, and safeguard individuals everywhere.
Yes, the end of May might seem a while away yet, but actually, time is quite limited if you’re preparing for this as you should. Consent (as defined in the new regulations) is going to be a lot harder to come by in 6 months’ time when you’re one of hundreds of organisations asking the same people for that consent. So, we think it’s best to get ahead of the game. And not only will you be beating the rush, you’ll also be demonstrating your sense of social responsibility as well as getting better results from better-quality permission based marketing as a result. Here are the three key points you need to know about and start implementing:
Opt-in consent – As we’re sure you know (you’ll have experienced it enough!), opt-out is a reoccurring part of marketing communications these days. But that ‘did I really agree to this?!’ feeling will be no more, because under GDPR, explicit opt-in consent (clear and identifiable) will be required for all marketing communications going forward. So, if you haven’t already started, now’s the time to get to work gathering that all important opt-in consent from your existing customers and prospects on your databases. If you can’t prove you have this consent that data will be unusable from May 25th.
Intent – Ever heard of the intent principle? That a person “must have known beyond all reasonable doubt…” etc. etc. Well, that same principle is coming to informed consent under GDPR. If you’re using a customer’s data, you need to be able to prove that that customer gave unambiguous, informed, contextual consent, and knew exactly what they were getting themselves into and what you were going to use their data for.
Transparency and Invisibility – Finally, there’s going to be a need for highly structured storage systems, processes and methods that enable customers to ask for the data companies are keeping on them (to be turned around in 30 days tops!), and request to have that data removed entirely. So, don’t let your customer data get in a mess – high quality CRM systems are your friend on this one!
Of course, these steps forward in customer data protection can only be a good thing, and we’re in full support of anything that safeguards those using the services we build or the products we provide. But, that said, we can’t help but set our minds back (and back not all too far!) to the PPI battles that have dominated in recent years.
With the combination of hefty fines, and the ability for consumers to claim substantial damages for data misuse, are we opening the floodgates to a PPI saga 2.0 – public demanding compensation on grand scales and of course, the potential for significant harm to brand reputation. In fact, a recent survey by Macro 4 found that 52% of those asked would make an information request if they believed an organisation to be holding information they hadn’t agreed to.
That said, Macro 4’s same study found that 42% of those asked would be more likely to use a company that made it easier for them to understand what personal information it was holding about them, and how it will be used. And this just reinforces our long-held view of supporting Seth Godin’s principle from the early days of digital – that of Permission Marketing. Once you have permission from your customers and prospects to market to them because they see the value in the relationship – they should be even more responsive to your communications.
So all in all, we think GDPR is best viewed as an as opportunity to build trust with existing customers, win new ones with your transparency and improve the quality of your data – all great reasons to get ahead of the game!