If you have not heard about GDPR, maybe you live in another planet. Indeed, it has become one of the most discussed topic in all organizations in Europe.
The General Data Protection Regulation (GDPR) is a new digital privacy regulation that will be enforced in Europe on the 25th May, 2018. It aims at protecting personal data in all member states, which is not new per se. However, the big news is that organizations found to breach GDPR could be fined up to 4% of their annual global turnover or 20 million euros.
Gosh, so it is not just another acronym!
Now let’s dig a bit further:
What kind of company data are we talking about?
All data that can be directly or indirectly related to a person, in short data from customers, prospects, partners, journalists or employees are falling under the new regulation. That includes names, photos, emails but also computer IP address.
Which companies have to comply?
All the companies managing personal data of EU subjects have to comply regardless of their size. Even if your are a company based in Singapore but you deal with personal data from people living in member states, you have to make sure you comply. The new rules also apply to companies using contractors outside the EU to manage their database as well as those hosting their data in the cloud.
What does it mean for marketers?
Ask for permission: Managing leads from your website or your latest display campaign will change. You will need to give customers opt-in or incentives to be allowed to use their data, instead of simply taking data without even asking. In short, your leads will need to tick on a box to actively request to receive your e-newsletter after downloading your white paper.
Monitor access: The GDPR also provide EU citizens the right to access and remove their data as well as to be forgotten. It will be your responsibility to make sure that your users can easily access their data to modify or remove it. That means more than ever, an unsubscribe link in your email campaigns and the possibility for customers to manage their accounts and preference between various types of information you can send. And above all, if your customers have opted-out of your emails, don’t email them or you will break the law.
Focus on the must haves: Eventually, the GDPR also tracks down information overload. You will need to focus only on the data you need, not the ‘nice to have’. For instance, do you need to have the educational background of your customer in your database? Probably not unless you are selling training courses. So if this is not the case, let your database slim down.
Does it change anything to your customer relationship?
It sure does. The need to ask for permission will most likely streamline marketing databases. Companies will have to rethink about how they collect, control, update and manage their data. Needless to say, buying mailing lists is no longer an option under the new regulation. Marketing automation will also need to be monitored with caution. When planning email sequences in advance, you run a greater risk of sending an email to an opt-out customer. In addition, more elaborate marketing programmes involving couponing, retargeting or sponsoring systems may become more complex, if not impossible, to run without breaking the law. One can wonder whether we are not reaching the end of programmatic advertising altogether.
On the bright side, being upfront and transparent in the way data is used is a best practice. It will trigger marketers to focus on their core business: segmenting customers and creating content that is really of interest and adapted to their targets. If well implemented, GDPR also provides a great opportunity to get more market insights and develop a healthier customer intimacy based on transparency and trust. So, let’s roll up your sleeves and contact us to start the grand Data Spring Cleaning!
More information on our marketing page
French version of the article