Come May 2018, we will experience the biggest change to data protection rules ever seen in the last two decades. It will bring forth huge changes to the way in which businesses handle customer information.
GDPR (General Data Protection Regulation) is a step up towards data protection which brings in new rules for accessing the data of customers held by companies. It defines the obligations of business owners for better data management.
"The GDPR is a step change for data protection. It's still an evolution, not a revolution” says Elizabeth Denham, the UK's information commissioner, who is in charge of data protection enforcement.
GDPR is going to change the way personal data can be consumed by companies.
What is GDPR Actually?
GDPR is a regulation passed by the European Parliament, the Council of the European Union and the European Commission to strengthen data protection for all individuals within the European Union (EU). It sets out numerous requirements for data protection. This regulation is all about data privacy and intends for safety of personal data that is held, managed, and processed by companies.
Personal data includes all such information that can be used to directly or indirectly identify a person, including name, email address, photos, posts on social media, medical information or even a computer IP address.
When is GDPR Effective?
Effective May 25, 2018, the European data protection law will roll out the GDPR. It replaces the existing data protection regime for the EU under Directive 95/46/EC.
Why is it necessary to be GDPR compliant?
In the last few years we have seen score of massive data breaches. In today’s world of internet, generation, collection, utilization and retention of personal data has been the highest ever.
The main intention of GDPR is to update the data privacy standards that were originally established in 1980. In simple words it is necessary to amend the old regime that was no longer fit for the purpose.
To whom does GDPR apply?
GDPR aims to apply a single data protection law which will become binding across all EU member states and go beyond EU into Asia and America.
If you are an organization involved in processing personal data for the sake of selling goods and services to people in the EU countries, then you need to be GDPR compliant.
But that’s not all, GDPR will also apply to organizations not just based in the EU, but to any such organisation that is processing and storing the personal data of EU citizens irrespective of whether the company is located in EU or elsewhere. This means the GDPR may not be applicable because you are located elsewhere, but it will apply to your customers who are in the EU countries.
GDPR Penalties for non-compliance?
Imagine you have planned an email campaign, and you have sent emails to people in your database. You can land in trouble for not being GDPR compliant unless the person has given explicit and unambiguous permission to you to email them. You can be fined by EU up to €20 million or up to 4% of your global turnover whichever is greater.
How does GDPR affect Social Media Marketing?
Social media has become the most important tool for marketing for almost all the companies. Hence every company which is into marketing will have to understand the effect of GDPR.
There are two big changes affecting your marketing activities.
If you are sending email campaigns to your audience, it’s your responsibility to make sure that your audience has given consent to receive information. For this you should keep a record of when and where your audience has opted in. For this your audience has to ‘tick’ a box which explicitly and unambiguously informs them about what you do with their data.
You cannot automatically drop cookies, which is essentially required for re-targeting visitors to your website, unless your audience has given explicit permission to do so (opt in). For this your audience has to explicitly agree to cookies without which you cannot automatically drop it in their browser.
Steps to ensure that your brand is GDPR Compliant
GDPR’s main aim is to benefit consumers and bring about higher control and transparency. Since the personal data has to be protected and safeguarded, GDPR demands additional requirements from organisations involved in collecting personal data for selling their products and services.
It’s important that you take enough measures to make yourself GDPR compliant:
Launch Opt-In Campaigns
Think of a campaign where you can re-engage your customer database and get the required opt-ins from your audience. Announce an incentive to opt in to receive your emails. This will reinforce the need of your customers to receive your communication relating to your products. It will ensure that you receive additional benefits such as higher conversions, better open rates and more personalisation.
Seek Permission to be contacted
With GDPR it is highly recommended that you go ahead and start taking consent from all your customers whether they wish to be contacted or not. This is essential requirement of GDPR. The customers can be contacted only when you have a clear permission to do so. It would be worthwhile to take some time out to gather the permission from customers to be contacted for brand communication.
Transparent Collection of personal data
To bring in higher transparency, start by making the privacy notices loud and clear which are easy to read format. Where you need the contest for processing personal data, state it specifically and inform the audience clearly that you will be using their personal data. Take informed, unambiguous and free statement by the customers who clearly give affirmative action.
Protect personal data
With GDPR, make all necessary arrangements for the personal data collected from customers to be managed with highest protection. Any unauthorized or unlawful processing of personal data should be avoided. Any loss, destruction or damage of personal data should be checked with the help of technological support in an organisation.
The stress on highly relevant content cannot be higher than at this point of time when GDPR is about to be rolled out. As the content will reach the people who has opted in, you should make sure that your content is relevant and should not make the customers regret for having opted in. Creative and interesting content will make sure that the customers who have opted in will continue to do so.
Clearly social media will move towards ‘opt-in’ marketing where consumers are in charge of their personal data. Brands have to be extra cautious while they communicate over social media ensuring that you adhere to the new rules of privacy.
You may see fewer people on your Twitter or facebook follower lists, but those who are on the list are not likely to open your communications, read and engage with it.
With GDPR there is higher emphasis on Transparency which is a fundamental part of gaining customer trust.