What marketers need to know about GDPR: The countdown to May 2018
GDPR is only around the corner and it is getting closer everyday. That sentence sounded scary right? Well, the enforcement for GDPR is on the 25th of May 2018 - giving you little time to get all your ducks in a row.
It is hard for anyone to cut through all the information out there, but what do marketers really need to know? First things first, to make sure you are GDPR compliant, it is best to carry out a consumer data audit across your digital ecosystem, to answer the following questions;
What consumer data do you hold and why?
How do you collect consumer data?
How and where is the consumer data stored
What do you do with the consumer data?
Who owns and controls the consumer data?
Do you have adequate technology / process to adequately manage consumer data processing?
This information may need to be reviewed but it is a great place to start in order to have complete transparency with your customers. But what other considerations do marketers need to think about?
Respecting privacy: This is the best way to build strong and authentic relationships with your customers.
Being transparent: Make sure your customers understand why you need the data and what exactly it is going to be used for.
Include everyone: This legislation will be in practice soon, so let everyone in the office know how this may affect your business (training is key and essential).
Data is not forever: Make sure that you regularly check your data as consent does not last forever (only for 6 months to be exact!)
Policies for Marketers
At the moment it is unclear what the policy will be around be Privacy legislation as Legitimate Interests, may be an alternative to consent. The GDPR policy does not state that organisations need to obtain an opt-in consent for their marketing but the interests of an organisation must not be outweighed by the privacy rights and freedoms of individuals, for example.
The DMA mention this in their information about e Privacy;
Article 16.1 of the Regulation states: ‘Natural or legal persons may use electronic communications services for the purposes of sending direct marketing communications to end-users who are natural persons that have given their consent.’
This means that direct marketing sent to ‘natural persons working for legal persons’ requires prior consent. For example, emailing Joe.Bloggs@dma.org.uk would require consent. However, consent would not be required when contacting generic email address such firstname.lastname@example.org. The European Data Protection Supervisor has also echoed this opinion.
This suggests that marketers will be able to use legitimate interest as a legal ground for their marketing activity.
To find out more about how GDPR might affect marketers, head over to our external sources below;
- Here are some tips for marketers to prepare for GDPR - are you ready for the 25th May?