The General Data Protection Regulation (GDPR) has been a hot topic lately, since the new consumer privacy regulations adopted by the European Union (EU) are affecting virtually every industry. It changes the way companies can collect and process personal information across the world's second-largest market. The EU generates close to $20 trillion in GDP a year, and any company operating there should be well aware of how the GDPR will influence its business operations.
What is the General Data Protection Regulation (GDPR)?
The GDPR is a legal framework that stipulates how organizations collect and process personal information belonging to individuals within the EU. All companies that deal with the data of EU citizens are subject to the regulation and GDPR compliance consulting, including banks, insurers, marketing companies, service providers, and e-commerce merchants.
The new legal framework covers personal data extending to details such as the IP address of a customer using an online service or completing an online survey. It also extends the coverage of the right of an individual to be forgotten and introduces strict rights to data portability.
As a result, businesses should drastically cut the amount of information they require and collect from individuals. Furthermore, the GDPR prohibits organizations from transferring data to a country outside the EU. Transfer of personal data under the GDPR is possible only if the destination country provides the same level of protection.
Thus, the new legal framework will affect the majority of companies doing business across the EU. Apart from the financial industry, marketers and corporate marketing departments will experience the most pressure to adapt to the new regulations as they are actively collecting personal data.
Implications of GDPR for Marketing
The GDPR has been in effect since 25 May 2018, and marketers must comply with new rules for explaining and obtaining consent from the prospects and existing customers on their email lists. The same rules apply to personal details you store in a CRM or other software you use for storing data on your clients and prospective customers.
Among the most affected will be those conducting direct marketing activities, as they will have to demonstrate that they comply with the new rules for obtaining consent or risk hefty fines.
For instance, the GDPR allows you to use data you obtain from a marketing campaign or a contest only for the very same purpose. You must obtain further consent if you are to use this information for other purposes.
Hence, you may need to assess all your marketing databases for compliance with the GDPR. The regulation removes the concept of assumed consent by saying:
“‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Therefore, you should be prepared to prove how you asked for consent and who exactly provided it. Also, the people in your marketing databases can withdraw consent at any time, and they should be able to withdraw it as easily as they provided it.
Take, for example, a marketing service that provides business growth services through backlinking. It has to collect a lot of information about you and your business in order to provide great service and avoid any link building practices that could hold back your strategy to build, say, a personal branding website.
Under the GDPR, the marketing company must be able to prove that it has collected only the information required for creating backlinks to your blog and that you have given explicit consent for all the data you have provided.
In addition, the GDPR eliminates a widespread practice of putting pre-ticked boxes on websites and software apps, which are no longer considered proof of consent.
Misunderstandings about the GDPR for Marketers
Many people believe that the GDPR affects only European companies. Actually, the regulation covers any organization conducting business in the EU or having EU citizens in its databases. Chances are good that you are not subject to the GDPR if you are a local grocery store in Paris, Texas. However, you are subject to the GDPR if you are an online business or a brick-and-mortar store that has just one EU citizen on your records.
Second, obtaining consent under the GDPR is not necessarily a nightmare for a legitimate marketer. In fact, the regulation is carefully drafted to enable marketing people to take advantage of legitimate interests for most of their data collection and data processing. You can perform segmentation, as well as target and profile clients and prospects under legitimate interests. Sure, you need to adjust your business practices to the GDPR but you can do it without appointing a data protection officer. Actually, having a data protection officer is not mandatory under the GDPR.
Although the GDPR is in force starting 25 May 2018, nobody expects all the companies to be fully compliant by that date. The bigger challenges for marketers and any other business are yet to come. These challenges are related to a revolutionary new way of obtaining, processing, and storing data from third parties. We all need to adapt to a new corporate culture in this domain and learn to take advantage of Big Data while better protecting the data we collect.
Foix Coral Mallofre
Foix is an internet marketing specialist at Point Visible, a marketing agency providing link building and digital marketing services. She loves traveling and books. Her latest challenge is learning Croatian.