It’s the 25th of May, which means it’s exactly 12 months to go until the GDPR is officially launched. But what exactly does that mean for your online activity?
We’re looking at what exactly the GDPR is and how it will affect your marketing channels – as well as which ones it will hit the hardest.
But first things first…
1. What is the GDPR?
Let’s start with the GDPR itself. The General Data Protection Regulation is an EU regulation intended to replace the Data Protection Directive that has been in place since 1995.
The GDPR will come into effect on the 25th of May 2018, two years after it was officially released.
The primary objective of the GDPR is to give EU citizens more say over their personal data, including how it is collected and used by companies.
Failure to comply with the GDPR carries hefty penalties of up to 4% of annual worldwide turnover or 20 million euros.
2. It’s opt-in, not opt-out
One of the biggest changes that the GDPR will introduce is the opt-in, rather than opt-out, model of collecting customer data. According to a DMA survey, this change is most likely to affect email as a channel.
As part of the GDPR, all customers have to consent to have their details used by the company.
The GDPR clearly defines consent as:
“…any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed”
The use of ‘freely given’ indicates that there must be a free and genuine choice. It also means that, unless the data is necessary for the transaction or service, then there is no reason to collect it unless consent is given.
Under the GDPR, implied consent is no longer enough for businesses to collect customer data. This means no more sending out emails to those who have purchased from you in the past. Instead, customers will be required to opt in to receive newsletters.
3. You need to delete data
Under the GDPR, all customers have a Right To Be Forgotten. This is one of the more central points of the GDPR – allowing customers to have more control over their data and how it is used. Businesses will be required to let customers remove their data from their systems, especially if they feel it was unlawfully collected in the first place.
This isn’t necessarily a bad thing. Only 13.8% of brands are very confident that the data they collect is accurate, according to an Experian Personalisation Report. Focusing on collecting useful and correct data may lead to a better return on email in the first place.
In some cases, it may be wise to put in place a process or flow for customer requests concerning their data. Requests to view, amend or destroy data may come through after the launch of the GDPR. If you are suddenly inundated with requests to remove data, you need to be sure that the correct processes are there to deal with them.
While businesses are not required to give online access to customer data, they are legally required to facilitate access to the data. Making it as easy as possible for your customers is good practice, and can lead to happy, loyal customers.
4. You’ll need to report any data breaches
The GDPR also requires that all data breaches are reported ‘without undue delay’. This notification also needs to go out to customers if the business suspects there will be an adverse impact.
There have been quite a few high-profile cases of data breaches in the past few years. Wonga, Three and Sports Direct have all had data breaches this year – with Sports Direct being called out for not having reported it sooner.
Once the GDPR is in effect, this may cause businesses to start making their data collection and storage processes more secure. It’s important to make sure that you have the right processes in place not only to report any potential data breaches, but also to detect them in the first place.
5. Start preparing now
There might still be a year until the GDPR comes into full effect, but it’s better to be overprepared than underprepared. Many businesses out there will need to change their approach to building databases and data management, as well as how they collect customer data in the first place.
The introduction of the GDPR won’t be unmanageable – but if you are struggling, the ICO has introduced a helpful guide for how to prepare for the GDPR in 12 steps.
One thing you can be sure of, however, is that the first company to get hit by the GDPR will be hit hard, and the combined result of the fines and media bloodbath will be quite something – so make sure you’re on the right side.
You can read the full text of the GDPR here.