GDPR is the biggest shake-up in data regulation since the Data Protection Act of 1998. 20 years ago, marketing, PR and ad campaigns mainly hinged on basic demographics and response rates.
Fast forward to today, and campaigns rely on wide and deep data relating to all kinds of personal information such as salaries, loyalty data and social media behaviour.
With consumer privacy and protection at the heart of GDPR, marketing and advertising professionals are confronted with a major legal data challenge: they’ll struggle to use it if they find it, and they’ll struggle to hold onto it once they’ve got it. The gap between marketing today and marketing post-GDPR will be considerable. So, how can we mind the gap?
PLANNING: why it’s important
“Failing to plan is planning to fail”, says the old adage. There’s no point in waiting for GDPR to come and bite you on the proverbial backside. When GDPR kicks in on 25thMay 2018, it will inevitably affect your business, including the likelihood of significantly slowing down your outbound marketing activity. To manage the impact on business development and sales, you must face the change and adapt your marketing tactics and processes.
Dom Lane, strategic director at Colour & Thing, is positive about the changes. He says: “This is a classic case of less is more. Sure, with GDPR we’ll all have smaller audiences to talk to, but that means we focus on engaging with them better. On creating and developing meaningful dialogues with our customers, prospects and influencers. Things we really should’ve been doing already as marketers instead of the old “spray and pray”.”
EXECUTION: what to do with data
There are several specific data processes you need to set up so you are GDPR compliant on opt-ins, tracking, information access etc. If your business is large enough to appoint a data protection officer (DPO) to support your GDPR transition, work with them.
Specifically, look at how your data is:
- Collected: follow ICO opt-in and wording guidance. Future Content has published some useful examples of opt-in user flows, copy and content here.
- Recorded: you must be able to prove that you have received consent
- Stored: data privacy and security are essential for compliance so review your data storage, backup and disaster recovery
- Retrieved: you must be able to provide details you hold on individuals on request
- Shared: you must be transparent about who you share details with, and any third parties involved
- Deleted: people now have the “right to be forgotten”, so you must be able to delete all records relating to each data subject
To help marketing and advertising professionals with GDPR compliance, The Chartered Institute of Marketing (CIM) has collaborated with Me Learning to develop GDPR e-learning courses. To find out more click here.