The General Data Protection Regulation (GDPR) will be in place by May 25, 2018, and it will change the way we all do business. Even though the regulation is for countries in the EU, if you have an online presence the GDPR applies to your business. This essentially makes the GDPR a worldwide regulation.
Marketers have both a challenge and an opportunity. If they can retool their strategy and get in front of the regulation it can be a good move.
The GDPR is a set of rules created by the European Union (EU) to provide clarity, transparency and protection for the personal information of all its citizens. It is designed to protect this information from unauthorized access and to help customers understand and control how their personal information is being collected, used and shared.
The GDPR stipulates that consent must be “freely given, specific, informed, unambiguous,” and articulated by a “clear affirmative action.”
In other words, marketing departments can no longer rely on soft opt-in processes, lack of opt-out or a general opt-in checkbox for all communication and analysis activities. This may mean communications, campaigns, web and mobile applications must ask for and store user consent on a more individualized basis.
Clear and Transparent Communications
Clearly communicating to customers on how their personal data is collected and used is key. However, this presents challenges, for example, if this involves big data, artificial intelligence (AI) or machine learning (ML).
The collection of digital and IoT data with a personal identification component is at issue. Marketers will have to answer these questions. Do site visitors know when this data is being collected? Do they understand how it is being used? Is the data being used to further sell?
Marketers may not use personal information to profile or analyze customers per the GDPR if it doesn’t meet certain criteria:
“Any form of automated processing of personal data consisting of using those data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.”
Can marketing prove that their analysis meets certain criteria? Will the resulting decision be in the best interest of the customer? Can the customer get a clear explanation of these decisions? Is the company taking measures to prevent discrimination on the basis of ethnic origin, political opinions, religion, and other criteria?
Three Steps Marketers Can Take to Prepare for the GDPR
While the GDPR presents sweeping changes in the way online customer communications have taken place over the last decade, it also brings with it opportunities There are three areas where marketers can take steps to avoid penalties from the GDPR if they are found in violation of the regulations:
1. Keep data accessible and organized
Under the GDPR customers should be able to access their data, rectify errors, request removal of personal information and restrict the processing and use of that data. If customers ask, the company must be able to locate all of their personal data. In a marketing department, the data may exist in multiple databases, at a vendor or even in spreadsheets on a desktop.
In addition, clear records will need to be kept about opt-ins and usage. If meeting compliance is overwhelming, data governance programs may be a solution.
2. Give customers access to their data
It’s no secret that customer experience is key to online sales. That includes the fair use of customer data and customer access to their data.
Guidance documents note that using personal data to gain a better understanding of customer needs may meet expectations, selling social media data to third-party vendors may not. The message is that companies need to provide significant value to customers if they are using that data to make sales.
3. Add value for customers when you use their data
Communicating your message of what you provide for your customer internally in your company will go a long way. It will need to be visible in all communications, including clear messaging for opt-outs and removing customers from databases when requested.
GDPR is leading the way to protect customers’ data. Getting prepared for GDPR is the first step in building a sound marketing strategy for customer communications.