The digital marketing world was sent into a panic with the announcement of the General Data Protection Regulation that comes into play as of May 25, 2018. The 300-page GDPR document can be daunting, but we’ve done some of the leg work for you, by answering some the questions we had ourselves!
What is the GDPR?
The General Data Protection Regulation has been enacted, to give people more control over how their personal access is used. It applies to all EU member states. Yes, even with Brexit on the horizon, it will still apply to members of the United Kingdom. GDPR means that personal data is processed lawfully and transparently.
Okay, let’s take a step back. What constitutes ‘Personal Data’?
Personal data includes digital data such as email addresses and IP addresses, but also data like social, location, economic and interests. This is data that can affect advertising to audiences through the likes of Google, Bing, Facebook etc, which could impact your Paid Campaigns.
What does this mean for digital marketers?
All data must be given by active consent. Many messaging, as in email newsletters, can be passive with pre-ticked boxes or opt-outs, but data handlers must now have a record of how and when a person gave permission for their date to be used. It is best to start these active practices now, so when GDPR hits, your collected customer database meets GDPR requirements. Recipients also have to be informed of how their data will be used. If you are going to profile a user’s data to formulate which offers they receive, the company must be up-front about this before the user gives consent.
As well, users are able to enact the ‘right to be forgotten’ rule. They can demand all of their data to be erased. This means digital marketers, such as ourselves, are responsible for deleting information they hold as well as telling other digital organizations – such as Google/Facebook – to delete any copies of that data.
An example of active opt-in:
Add Record Keeper to your CV
The burden of proving consent now lies with the company that initiated the opt-in. Companies and brands must be able to prove this active consent at any time. Keeping this information in a .csv type format ensures that information is handily accessible.
If your company has not been keeping track of these opt-ins… now is the time! It is quite painless to run a re-permissioning campaign to make sure these opt-ins are in place by the time Spring 2018. Yes, you may lose some subscribers in the process, but you will be keeping quality, and most importantly, legal, leads.
What happens if we don’t have measures in place in time?
Most simply: You pay. Non-compliance with GDPR can lead to fines of up to €20 Million, or 4% of a brand’s total global annual turnover (whichever is higher). Ouch.
Should we be afraid?
Short answer. No. 2018 gives companies enough time to put an updated digital consent plan in place. Canada went through a very similar upgrade in standards in 2014 with the Canadian Anti-Spam Legislation (CASL,); many digital marketers experienced growing pains, but now creating campaigns with an opt-in is second nature.
- Before GDPR hits, run a re-permissioning email campaign for current contacts.
- Collecting leads: ensure active opt-ins are in place. (A box to tick versus a pre-ticked box.)
- Cookies: When people visit your website which will be tracked, ensure you have an active opt-in for users to give permission. Cookies will have to be blocked until the user gives permission!
- Create a system to collect and store leads who have actively opted in.
That’s where we come in. The digital experts at Silverbean can guide you through GDPR requirements for all of your digital properties. So if you have any queries or concerns, feel free to get in touch with us via our contact form (which you’ll see on the Navigation Bar at the top) or give us a call.