The EU General Data Protection Regulation (GDPR), which replaces the outgoing Data Protection Privacy Directive 95/46/EC, goes into effect of 25 May 2018. It’s the most significant change to data privacy regulation in the last 20 years, enhancing and expanding on the key principles of data privacy found in the Directive.
A number of changes will be introduced in the new legislation, which you can read about in other articles on our site, but the key changes for marketing companies (or companies that market) involve new requirements for transparency and data subject rights. Here is what you need to know not only to comply with GDPR, but also to leverage the new policies to the benefit of your business.
Challenges to marketing teams
The new requirements of transparency and accountability related to the collection and processing of personal data have many marketing experts concerned, and rightly so. Looking at the current way of doing business, there may be quite a gap to bridge in order to comply with GDPR. Here are a few of the most common concerns:
- Consent may not have been requested in a transparent manner.
- Data subjects may not have been informed about processing purposes.
- Data may be processed for purposes other than ones explained when asking for consent.
- The previous approach to consent may have been “opt-out,” while the new GDPR requires users to “opt-in.”
See also: Is consent needed? Six legal bases to process data according to GDPR.
Going back and implementing GDPR requirements on existing data is likely to render a significant portion obsolete, or simply unusable. And, even if consent is correctly obtained going forward, many data subjects will not opt-in. Either way, the amount of available data for analysis is sure to decrease.
So, what’s a marketing team to do?
Well, you have to become compliant with the GDPR in principle and in spirit – there’s no way around it. The basic steps are:
- Be transparent about what is being done with personal data. Utilise a privacy notice, or other means, to proactively inform data subjects about what personal data you collect, and why.
- Ask for clear and explicit consent from data subjects – pre-ticked boxes won’t suffice. (See also: Four main questions for obtaining and managing data subjects’ consent under GDPR.)
- Be open to data subjects’ requests. While fulfilling every request is not mandatory, there are instances where you must observe data subjects’ rights. (See also: EU GDPR Data Subject Access Request Flowchart.)
Of course, like most things, this is easier said than done. But, by doing things the right way now, and in the future, you can ensure that the data you do collect can be used for the purposes you have planned.
See also: A summary of 10 key GDPR requirements.
How can GDPR compliance benefit your marketing team?
Companies benefit from GDPR compliance in two key ways: consumer trust, and more relevant data.
The transparency that comes with GDPR compliance creates trust among your customers, by allowing them to choose what data they wish to provide, and how they allow it to be processed. Once this trust is established, then data subjects are more likely to provide their data and to consent to its processing for marketing purposes. Using this accurate, relevant data to target marketing efforts will result in more conversions – and happier clients who get just what they need from your company.
See also: 4 key benefits for companies complying with GDPR.
Conclusion
Sure, at first glance, GDPR may sound like the death of targeted marketing efforts based on personal data. But, in the longer term, the benefits will be evident – for both the consumer, and the company. So, when you begin your GDPR implementation project, make sure your focus is on accountability and transparency, and you’ll be on the right track to success.
Use this free EU GDPR Data Subject Access Request Flowchart to learn what to do once you receive such a request from your clients or website visitors.