With new EU General Data Protection Regulation (EU GDPR) legislation having been accepted in April 2016, it’s time for marketers to take action in preparation for the changes which come into full force from 2018.
Affecting businesses that trade within the EU, the new regulation promises better protection of personal and private data by enforcing stricter usage guidelines. For those falling foul of the regulation, fines of up to €20m or 4% of a company’s global revenue are on the cards.
Much of what we see in the new regulation represents a progression of existing rights and obligations which EU GDPR aims to formalise.
The EU Data Protection Directive, put in place during the internet’s infancy in 1995, can be recognised as the first data protection regulation to be drafted in the digital age.
What does EU GDPR mean for marketers?
It’s all about data value exchange; a fundamental of modern marketing. Trading rich data for a better customer experience is set to be a hot topic with the implementation of the new legislation.
As it stands, there’s a big misconception among businesses that data is some form of tradeable commodity and they can do what they like with it in the marketing space. However, this simply is not true.
An individual’s data belongs to them, and they have rights to every aspect of it. Therefore, the new legislation will bring greater transparency to the data value exchange and from 2018 marketing teams will be obliged to explain how a person’s data will be used.
For customers, the implementation of the regulation should result in an increase in trust of businesses that are using their personal data for marketing.
For business – and marketing departments in particular – there will be need for vigilance. Essentially the EU’s message is: “Handle your data with care or face severe penalties for the misuse of it.”
But it’s not all bad news and serious consequences!
“It will also give marketers the chance to explore new ways to use technology, data and creativity to reach potential customers effectively.”
Zach Thornton, external affairs executive at marketing trade body The Direct Marketing Association discusses one of the benefits of the legislation for marketers: “The GDPR will change the way businesses use data. The two years before the GDPR become law are a great opportunity for marketers to look at what they are doing and make sure they are comfortable with the regulations, and adapt. It will also give marketers the chance to explore new ways to use technology, data and creativity to reach potential customers effectively.”
Preparing for the GDPR: The First Steps
- Ensuring Awareness of Change
Are decision makers and key members of staff are aware that the law is changing? It’s time to assess and educate key stakeholders about EU GDPR, detailing how things will change from a data handling and marketing perspective.
- Reviewing Your Organisation’s Existing Data
All information and data held by your organisation should be documented, referencing its source and any previous uses. Details of who that data has been shared with previously will prove to be a useful audit exercise in understanding who may have access it.
- Communicating Privacy Information
A review of your current privacy notices should be conducted, with a plan put in place to make any necessary changes for the forthcoming EU GDPR regulation in 2018.
For the further information on preparing for the new EU GDPR, including subject access requests, consent and data breaches, please view the ICO’s 12 Steps to Prepare for EU GDPR guide.
In light of the new EU GDPR, marketing teams will have the opportunity to re-engage with their customers and prospects to renew consent, giving them the opportunity to simultaneously gain new data and make new offers.
So, despite all the leg-work that will need to be done for compliance, marketers will ultimately be able to improve customer relationships and provide further detail to their databases.
We hope that EU GDPR will also improve the general perception of businesses that are collecting the personal data of consumers by showing an increased level of commitment to the protection of that data. In time, we would expect to see less misuse of data by unscrupulous marketing companies such as those who send spam email and make unsolicited calls.