Preparing for GDPR: What you need to do.


What is GDPR?

The General Data Protection Regulation (GDPR) is a digital privacy regulation coming into effect on May 25th 2018.  Simply put, it combines and simplifies privacy legislation across the EU into one set of rules which all companies need to follow.

To remain GDPR compliant, you’ll need to seek permission to use customer data, clearly state what the data is to be used for and easily allow users to revoke access.  Whilst this may feel like more paperwork (and who likes paperwork!), it gives your customers reassurance that their data is being used in the right way and in a way which is useful to them.

The fines for not being GDPR compliant are quite attention-grabbing, with those fined for serious breaches seeing fines of up to €20 million or 4% of their annual global company turnover!

How does GDPR impact marketing?

As marketers, we use customer data in many forms of our work: from simple email marketing, to customer match retargeting through AdWords and social media advertising – so how does GDPR impact our work?  There are three core areas to consider:

  • Data Consent
  • Data Justification
  • Data Removal

Once you’ve agreed on your stance regarding consent, justification and removal you’ll also need to update your privacy policy to reflect this.

Data Consent

Consent is the crux of GDPR and covers how you manage email opt-ins, privacy updates and use of data.  You can’t simply assume that customers want to be contacted by you (even if they’ve given you their email!).  From May 25th, they need to express consent in a ‘freely given, specific, informed and unambiguous’ way with clear and affirmative action.

The long and short of this is that customers need to actively confirm that they want to be contacted by you… they have to opt-in or update their preferences, not opt-out.  The easiest way to achieve this is through a tick-box option on any sign up forms (it can’t be pre-checked though). Say, for instance, a customer is downloading a guide: if you add a tick box to the download form offering to add them to your newsletter database, and they tick it to agree, you can then send them your newsletters with no issues, because they’ve opted-in to receive this form of communication.

Data Justification

Gone will be the days of collecting data for the sake of it – every piece of customer information you collect must now have a purpose and a legal justification.  

Some data naturally makes sense: for a fashion site knowing gender will help the customer by ensuring you send them information and products most suited to them; however knowing gender makes no sense for us!

From a conversion rate point of view, this may be a blessing in disguise… we all hate filling out long forms with questions for the sake of it.  Now the simpler you can keep your form, the better (and you’ll be GDPR compliant!).

Data Removal

All subscribers (whether email subscribers, past customers or those who have downloaded lead nurturing papers) must be given control over how their data is collected and used, meaning that they should easily be able to remove their data from your database.

Having an unsubscribe option on your emails is the simplest way to do this; however, if you send a number of different types of emails you may want to consider a “manage your preferences” style option.  Most off-the-shelf email providers will have this built in, so you just need to include a link to it in your emails; the footer is an ideal place.

What do you need to do?

First and foremost update your Privacy Policy specifying how customer data is used (Justification).  

Secondly, ensure any contact forms/download forms include an opt-in option to any additional marketing material you may wish to send them (Consent).  

Thirdly, place unsubscribe options on every email you send to your database (Removal).  

Finally, confirmed consent is only required if it was not collected correctly in the first place.

Want to learn more?

  • GDPR Portal – The GDPR portal contains the full legislation, broken out by key changes
  • ICO Checklist To Compliance – A fantastic 12 step list to help you through your preparations
  • Mailchimp’s Advice – The email provider also lists plugins they’ve created and changes they’ve made to make being compliant as easy as possible for its users.
  • Campaign Monitor’s Thoughts – An easy to understand overview from email platform Campaign Monitor, with a glossary of key terms.

Check out our blog about the Cambridge Analytica Data Breach and what it means for Advertisers on Facebook in the future.

Please note that any advice we give you on GDPR is purely that – we’re not the experts.