Spring hasn’t brought in with it the best tidings for marketers. In fact it’s not a May too many of them are looking forward to because in less than a month the rules of marketing as we have grown to know it are going to be rewritten in ways we have never seen. The dreaded abbreviation that’s causing heartache to marketers and relief to consumers reads GDPR, which expands to General Data Protection Regulation. The regulation has seen organizations, both big and small run helter skelter in search for clarity. Data Protection Office has suddenly become the most handsomely paid yet thankless star rated job that has seen a meteoric rise. The furious pace with which businesses are rushing to ensure compliance is evidenced by the growth of Facebook’s Data Protection team by about 250% in its Ireland HQ.
Your organization might be a large behemoth or even just an entry level start-up, and whichever end of the spectrum you belong to, GDPR holds pole position as the greatest leveler for businesses. Without getting too deep into the text of the law, the clear essence of it is the protect of individuals’ personal data. That is to say that your personal data no longer the property of any business unless you explicitly grant permission. There’s a lot that goes into the DNA of the GDPR and this blog at best grazes through the surface to offer a ring side view of what it is and how it can potentially impact your business.
Today data means business. If valuation trends are anything to go by, the data a company holds trumps its revenue or brand equity. In May 2017, The Economist called personal data “the world’s most valuable resource’ ahead of oil, because of how much it now informs the way companies communicate with their customers and how it positively impacts customer experience. Beats conventional business wisdom, but is true all the way. When you think about the potential uses and the way data influence the sale of products, projected trending items, advertising strategy, and even businesses being launched, you might begin to understand the severity of this matter.
The General Data Protection Regulation (GDPR) is a new digital privacy regulation being introduced on the 25th May, 2018. It is a first of its kind effort by the member EU states to bring together a standard set of enforceable rules to govern the protection of user data that are currently used indiscriminately by organizations to further their marketing interests.
The regulation which goes a step ahead of the previous EU privacy norms which were directives adopted in early 80’s and updated in 1995. Draconian as it maybe touted to be, GDPR has the best interests of the consumer in spirit, helping ensure proper data handling, stricter regulations, and utmost compliance. The implication, ideally, is that as an individual, you will have better control and will observe the transparency in the digital marketing market. The regulation also mandates that web users be alerted by marketers with specific information on the data they expose or are about to share.
A lot, a whole lot. Not just customer profiles, the rules pertain to everything a marketer would love to collect and store as their data inventory including IP addresses, email addresses, pictures, just to list a few are now placed under the eagle eye of GDPR Act.
What are the main factors considered here?
Users can now easily walk into any company that is in possession of their data (either for storage or processing) and request for a copy of the information they have. Not only do they have the data, they are covered by the law if they want to know why the data is being processed and where it is.
The right to erasure or right to be forgotten gives users the authority to have their personal data deleted if they want. This, in effect, prevents the controller and other third-party apps exploiting the personal data or further processing the data. As seen, a one time capture of a person’s data does not automatically qualify a business to have a lifetime all access pass
The new GDPR regulation allows individuals to request access to their data and this access allows the user to receive their personal data in a clean electronic format. This can then be transferred to another company. The onus therefore lies with the business that captures the individual data to ensure that the data is maintained and provided as a record with a timestamp, anytime it is requested.
Remember the Cambridge Analytica scandal which dragged Zuckerberg name in the mud? When GDPR is in action, such a company is obliged to inform you that such a breach has occurred. Also, in case of leaks, hacks, and lost data, you should still information without first poking her nose. A corollary to be state here is that a leak would not automatically disqualify a company from maintaining its lead list but presents conditions that they need to adhere to, in terms of prompt communication and better privacy norms.
When organizations creat any system that would be used for the capture of personal data, the design of this workflow becomes a critical piece in ensuring data compliance and privacy protection. To start with There is a lot of emphasis on the security of personal data and failure to comply will result in stiff penalties.
Before now, businesses were to notify local Data Protection Authorities of whatever step they take, especially for activities which involve processing and monitoring of data. In the case of large multinational conglomerates or public sector entities, a single DPO can be appointed across a group of organisations. While it is not a mandatory condition for smaller organisations to appoint a DPO, all of these organisations will need to ensure they are armed with the know how and resources to be GDPR compliant.
The shift is imminent, just a few days to go. How can you brace yourself up for this huge paradigm shift in marketing?
Audit and Document Your Data
You should have a very thorough document which details the process of data collation, organization, and interpretation. Be sure to know where you get your data streams, when you captured it and whom you share it with. Using a proper CRM like Mailchimp or Salesforce can be a vital step in maintaining editable and downloadable lead/client data.
Review your Lead Strategy
If you have been previously capturing your consumer data through random third party or internal sources, rework it totally. Build compelling content in the form of Whitepapers, Ebooks and presentations that give the reader a strong enough reason to fill out an opt in form. Follow this up with relevant communication that doesn’t throw the kitchen sink at them but help them build a level of familiarity and trust with you. And that’s a good time to get your message out and close the deal.
Make Plans for a Data Protection Officer
If your company has a myriad of data sources or several sensitive sources of data which segment the data into different categories, a DPO is a must. In case you are not large enough to warrant the need for the DPO, you need to have ironclad privacy processes and practices that would cover for the need of a DPO.
Put Contingency Plans in Place
Prepare for the inevitable. When data breaches or a compromise occurs, make sure you have plans on ground to defend your business.
The only constant attribute of life is ‘change’. You either adapt and evolve or degenerate and become extinct. GDPR will certainly affect your marketing strategy and often may have you tear your hair and cry foul, but it also stands to reward those who can dig into their creative reserves while still maintaining the highest standards of transparency and integrity.
The storm is brewing and it’s fast approaching our neighborhoods. So brace up and stay prepared. Need we say, the more prepared you are, the stronger you will emerge.
Sign up for our biweekly updates on Digital Technology, Marketing and Strategy tips.
All emails include an unsubscribe link. You may opt-out at any time.