We first mentioned the GDPR back at the beginning of 2017, and now everyone's finally panicking about it! In this article, we will explore GDPR for Marketing and the implications for marketers. The General Data Protection Regulation (GDPR) that's going to land in May 2018 is the biggest data privacy shake-up of the past two decades - but what does that mean for marketers? This subject brings up many of the same questions, such as: what is GDPR? Does it apply to me? What changes do I need to make, and will I be able to use the same tools & techniques? These are all important questions for marketers, so in this post we are going to break it all down for you.
Let's get going!
What is GDPR?
So what does GDPR mean in a nutshell? Well, it's a new European regulation that comes into effect on May 25 2018. The regulation will replace the current data protection directive and hopes to give more protection to EU citizens and change the way organisations approach data protection.
According to the EU GDPR Portal:
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site.
Fundamentally the GDPR will regulate 3 main things...
1. Data Permissions
First off is data permissions: how do you get permission from users to use their email and personal data? The main point here is that you need to say goodbye to all those good old soft opt-in forms and hello to getting much stronger consent - what we call a hard opt-in form.
This basically means that you'll have to use less dark UX and be more creative! Jim (Head of Innovation at Growth Tribe) made a really good point: with GDPR on its way, live chat and chatbots may become even more essential, because you don't need a hard opt-in to use a live chat or a chatbot.
2. Data Access
The second point you need to remember is that users should be able to access their data more easily and see what data you have about them. They should also be able to ask for it to be deleted if they want, and you should be able to facilitate this request.
From your point of view, this can be as easy as including an unsubscribe link in your email marketing efforts and probably giving users access to a personal profile where they can see which data you have and where they can actually delete parts of that data if they feel it necessary.
3. Justifying Data Held
The final point, which kind of makes sense, is that you should only ask for what you really need. Why does my flashlight app need to have access to my location? Why does a cosmetic company need to have access to my shoe size? The idea here is that we should only focus on collecting data that we actually have a legitimate reason for having.
This isn't actually bad news if you're a UX designer and your data scientist will definitely thank you later!
Who Will Be Affected?
Well, any business that's targeting customers within the EU, and any business based outside of the EU that's targeting customers inside the EU.
Which roles will be affected? Anybody that has an interaction with the customers, especially at the top of the funnel! This means Marketers, Product Owners, Lead Generators and Marketing Automation Experts, to name a few.
Will You Be Able to Use All the Same Tools?
Now, you might be thinking: what about all these awesome tools I use? Will I still be able to use them? We've actually reached out to a few tools and done some research, which shows that many companies are taking a very proactive approach to the GDPR. Here are a few examples:
Google, of course, has been taking steps to become compliant:
"You can count on the fact that Google is committed to GDPR compliance across Google Cloud services. We are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and contracts over the years."
Our favourite data aggregation tool segment.com will soon be totally compliant:
"As a company, we believe the new legal requirements will raise the bar for honoring end users’ rights, and we welcome the legislation. Not only will the GDPR make it easy for end users to exercise their rights, but we also predict the Regulation will diminish data controllers’ reliance on third-party data sources for marketing and acquisition, as these data sources are often obtained and processed with questionable user consent."
Another one of our favourite tools Hotjar has also announced that they will soon be compliant:
"We are taking many steps across the entire company to ensure we will be ready for the GDPR. We are improving anonymity within our analytics tools and making changes to allow you to tailor how you request consent within our feedback tools."
However, our research shows that some tools, especially with regard to email guessing or cold lead generation, might be hit really hard. We've contacted a few, which we're not gonna name, but they said that they might actually cease their European activity altogether if it becomes too hard to be compliant!
What Will Happen if You Fail to Comply?
Truth is, if you don't comply it's gonna hurt, a lot! The fines are up to four percent of your global annual turnover (that's your global turnover!) or 20 million Euros, whichever is the greater number.
However, as explained nicely in this article by I-Scoop:
"The exact fines depend on numerous factors such as how severe non-compliance and potential personal data breaches are, the measures that have been taken to be GDPR compliant (with GDPR awareness a first one), the degree in which an organization fails to set up the essential mechanisms to prevent personal data breaches or deliver upon the requests of data subjects"