I want to start by saying I am not a legal expert on the GDPR. However, I have certainly learnt a few valuable lessons on my GDPR learning curve. In this blog, I want to try and capture:
- What impact will the GDPR have on marketing?
- Why is it an opportunity?
- My tips for compliance.
So how does the GDPR, which comes into force on 25th May 2018, impact us? Well, any business that collects, stores or processes the data of EU citizens will soon be held accountable under the new data laws in a bid to give EU citizens greater power over how their data is stored and used.
The regulations will give people more control of their data, maintain ‘consent’ standards across all EU countries (which essentially means offering consumers a choice and giving them the control) and make businesses far more accountable about how they use personal data. And non-compliance comes at a significant cost, both financially (a maximum of 4% of annual turnover or £20m) and in regards to the inevitable damage to corporate reputation.
Ultimately, too many businesses have been misusing customer data. The GDPR, and the knock-on effect it will have on marketing communications, will help give customers their digital privacy back. The primary outcome will be the fundamental change in the way businesses treat their customer’s personal information and put the customer in the driving seat. Power to the people!
Why it should be seen as an opportunity, not a threat.
The GDPR, broadly speaking, should be seen as the perfect opportunity for all businesses to upgrade their data security, accountability, transparency and customer engagement.
The new regulation presents a refreshingly new approach to data compliance. Customers should benefit significantly as organisations adapt to better focus on their needs. And those businesses that embrace the regulations and champion privacy and value will be able to establish stronger relationships with consumers on more common ground. The result? Customers will be able to put more trust in the businesses they love, safe in the knowledge that the personal data they are sharing with them is secure and the businesses will put maximum effort into actually providing valuable, authentic content.
If you don’t know where to start, here are my tips for compliance:
Appoint someone responsible for the data: Appoint a Data Protection Officer (if an issue arises, the Information Commissioner’s Office (ICO) will look for every business to have someone who is accountable).
Start auditing your database immediately: Remove anyone who you can’t be 100% sure has opted-in to hear from you. For best practice, any new subscribers should receive an automated email to confirm they want to join the mailing list – known as a double opt-in (if you want to know how to do this in HubSpot, here is the link). An expected 75% of marketing data is expected to become obsolete when the regulation becomes law.
According to the DMA UK, a good data audit should answer the following questions (this should be written down and kept on file in case it’s ever needed):
- What data do you hold and why?
- How do you collect the data?
- How and where is the data stored?
- What do you do with the data?
- Who owns and controls the personal data?
- What are your steps for retention and deletion?
- Who is responsible for the data?
- Define what consent/legitimate interest is (it is different for every brand).
Review your current data collection set up: Stop buying data lists. Delete the majority of purchased contacts (determined by audit) and analyse how you are getting new marketing contacts. Wetherspoons, the UK pub chain, actually took the unprecedented step of deleting their entire email marketing database (over 650,000 contacts). While that might seem extreme, the key (and the main opportunity) is you will then have a guaranteed engaged and interested audience. Basically, you need to be sure that every name and email address in your database has given permission to market to them. Ignoring it or failing to audit is asking for trouble.
Create content tailored to potential customers: Focus on a content marketing strategy by creating assets that prospects can access and download in exchange for them sharing their contact information. You need to show the value you are providing your customers with in exchange for their information. Additionally, spend time improving your SEO rankings with a focused blog/inbound strategy.
Add a privacy policy on your website: Every business must link to a privacy policy page for compliance. You can start with this template, however, ‘you will, of course, need to adapt the privacy policy to suit your website and business’.
Think about social selling: Educate your sales team about social selling techniques. They won’t be able to cold email prospects as they used to anymore, but they can connect with them on social channels and share relevant content. If cold emails are the lifeblood of your business, follow this guidance:
- You should have a strong reason to contact a prospect. Your cold email should be logically connected with their business statute.
- Invest a lot of time in a more precise targeting of your campaigns; make sure both sides are likely to benefit from that potential business relationship.
- Customise and personalise your email and send it only to people at carefully chosen companies matching your own business.
- Any personal data for your contact lists should be obtained in a legal and transparent way.
- You should be able to explain how and why you decided to process personal data.
- Give your cold email recipients a clear way to opt out from further correspondence.
- Do not follow up without consent. Additionally, you don’t own the personal data you process so don’t share it with other people and companies.
There are my tips! The GDPR is going to be a revolutionary change for marketers, but the most important thing the ICO wants to see is businesses making a conscious effort to clean up their data and act. The businesses they want to go after are the ones who are misusing the data they have and making no effort to sort it out.
If you take one thing from this blog, let it be this: If you don’t have opt-in permission from your contacts, don’t send them marketing emails. If you do, you are breaking the law.
If you want to find out more about what the GDPR means for your marketing activities, and how you can adopt best-practice techniques, get in touch!