With the recent Facebook data debacle, data privacy is top of mind, just in time for May 25, the date that the General Data Protection Regulation (GDPR) goes into effect in the E.U., setting a new standard for the protection of consumer data.
And it’s not just European countries that are going to be affected by the new rules and regs. U.S. companies are on high alert as well, some rethinking their European strategies and operations and others wondering if GDPR is going to put them at a disadvantage.
Why? Because data is transforming the way companies interact with consumers, offer solutions based on personal preferences and needs, and enhance the consumer experience. So, what does the GDPR deadline mean for marketers whose strategies are revolving around data? It means changes, in some cases massive ones, in the way companies use and protect consumer data.
Bottom line, it means organizing your data into GDPR-compliant segments so you don’t make any grave mistakes with your consumer outreach efforts. Here’s a little background:
A quick primer on GDPR basics
With every high-profile data breach, the public gets more and more concerned about data privacy and protection. Banking and financial data, along with security and identity information like passwords and drivers’ license data, are the biggest concerns.
According to the RSA Data Privacy & Security Report, consumers won’t blame hackers for the breaches. They’ll blame the companies that got hacked for not doing more to protect their data. The report goes on to say that 72 percent of U.S. consumers would boycott a company that was lax about data protection. So this is not just the E.U.’s problem.
Types of data GDPR covers:
- Name, address and ID numbers
- Web data including location, IP address, cookies and tags
- Health, racial, ethnic and biometric data
- Political opinions
- Sexual orientation
Companies must comply if they have:
- A presence in the E.U.
- Data on European residents
- More than 250 employees
- Fewer than 250 employees, but use consumer data
What is compliance?
If you’re reading this right now, you’ve likely been scrambling to comply with the new rules and regs that will go into effect May 25, 2018. But what is compliance, exactly? It’s a gray area that leaves room for interpretation. But this is the framework:
- Build privacy settings into digital products and websites and have them switched on by default. Consumers don’t have to opt in, in other words.
- Conduct privacy impact assessments
- Seek permission to use data
- Document the ways you use data
- Improve processes for communicating data breaches
Failure to comply will mean fines, hefty ones. Last year, Flybe sent emails to its database of 3.3 million people asking if their details were correct, and because some of those consumers had previously opted out, Flybe was fined £70,000. The GDPR is not messing around.
What it means for marketers after May 25
Well, everything. Not to overstate the situation, but if you use an email list to communicate with consumers, and those consumers have not opted in, that’s all it takes to be in violation of these new rules. Email marketing managers, automation specialists and PR pros in all sectors of the economy need to be on high alert.
Here’s what you have to be concerned about:
- Data permission
Your email leads need to opt in. And we’re not talking about an automatic opt-in. They need to confirm they want to be contacted by you. It is a choice that they physically have to make, or you are in violation of the law.
- Data access
Consumers will now have the right to have their data erased or removed from your database. It’s called the right to be forgotten. For you, it could be something as simple as having an “unsubscribe” field within your marketing emails, or allowing users to easily manage their email preferences.
- Data focus
This covers the type of data you’re collecting. According to SuperOffice, this means you must focus only on the data you need and stop asking for the “nice to haves.” Be clear about this, because you’ll have to legally justify the personal data you’re collecting.
First things first. Don’t panic. We recommend:
- If you haven’t already begun to internally audit your mailing list, it’s time to do that now. Remove everyone who has not opted in.
- Revise your email template to include a check box for opt-in.
- Consider putting a popup on your website that allows consumers to easily opt in.
- Update your privacy statement. Make sure it is GDPR compliant.
Sound complicated? We can help with that.
At Lineate, we are out in front of the GDPR juggernaut. DataSwitch orchestrates the data from every channel you’re using, synthesizes that data and runs campaigns on ad platforms. It is a centralized way to store and manage consent, so you can avoid mistakes. It can track the individual consent journey to provide transparency and build trust with customers.
With DataSwitch, you can build custom consent popups and automate “forget me” requests. The platform creates segments based on how users opt in and out of data collection by channel and device. Brands can see which touch points are driving the most consent responses to understand what’s working and what’s not.
If you’re concerned about complying with GDPR, contact us and we can walk you through your options. Because in the end, the data genie is not getting put back into the bottle. Companies need to use it more responsibly to ensure that consumer information is safe and secure. Then everybody wins. And that’s what we’re all about.