Talking about GDPR to your customers is fast becoming second nature for technology marketers, as everyone rushes to demonstrate how their solutions and services will make it easier for businesses to adopt the regulations when they come into force in May. But how much do you really understand about how GDPR will impact your own marketing and that of your partners?
The truth is that GDPR is a meaty, if somewhat dry, subject. Its primary aim is ‘to give end-users more control over their data – what they see and receive, improve security and make steps towards stopping unwanted communications’. For marketers, it’s a bit of a headache. However, technology – combined with some preparation – can help solve the majority of the problems, leaving you with a cleaner database of people who want to hear from you.
This is a massive subject – and there are lots of experts out there who can really help you understand the nitty gritty of the regulation and what you need to be doing for your business. In the meantime, to give a helping hand, we’ve pulled together some handy tips from those in the know.
Don’t panic! Chances are your business will already have made investments to ensure you’re compliant – you just need to take the time to understand the facts and make sure you have all bases covered.
Audit your data
- What have you got and what do you use it for?
- Have you got more than you need?
- Do you keep it longer than you should?
- Is what you use it for likely to be reasonably expected by the individual, based on their relationship with you?
- Do you match data obtained from elsewhere?
- Can you justify legitimate interest (i.e. an existing relevant relationship), or will you need to go back and gain consent? Note – there is a really handy tool to help you make this decision here.
Communicate new privacy notice to those with legitimate interest
In the case of legitimate interest, you will need to communicate to your current database the fact that you have a new privacy notice and give them the opportunity to object to direct marketing. You will need to record what you sent, to whom and when. You should only use data that you have permission to market to, so choose the right channel to reflect the permissions you have.
Seek consent of those without
In the case of consent, there is no getting around it: you will need to get your existing customers to opt in. This means communicating the specific detail relating to the use of the data, so the data subject can be fully informed before they opt in. You can use a layered approach to this, where the communication content, or the webpage they land on, has the summary details of the processing undertaken, linking through to greater detail on further pages.
You must ensure that the individual is presented with sufficient information to allow them to be ‘said to be informed’. You will need to record who opted in and what they were told at the time, and have some form of verification, such as double opt-in, to show an audit trail.
Know your geography
Data protection rules have long been bound by recommendations to store and access information within the EU only. However, this requirement has certainly come into the spotlight as a result of the GDPR hype.
Many marketers think they’ve already ticked this box, especially if they have UK servers or domestic-only operations. But many marketing professionals have overlooked the fact that partners and suppliers often transmit or have access to data.
Take a marketing automation provider and their support team, for example. If that vendor – or its contact centre – is based in the USA, the data is pinging its way back and forth beyond the boundaries of the EU. This is not permitted under GDPR!
Identify the external threats and internal errors posed to data management processes
Have you used a third-party agency to create a data capture device, website or landing site? Maybe you have got data from one of your partners or vendors? Make sure they are GDPR-knowledgeable and can write programmes and privacy notices that comply with GDPR. Internally, your organisation needs to mitigate errors by ensuring staff are appropriately trained, and records of training are kept.
Do you feel ready for GDPR? We would love to hear your own experiences and top tips for making sure data regulation doesn’t keep you awake at night. Contact us via firstname.lastname@example.org.
With thanks to the following articles for content:
- 8 tips to help you prepare for GDPR – David Apsinall, The Drum
- Top 5 tips to prepare for GDPR – Duncan Smith, CIM
- GDPR for Marketers – 5 examples of legitimate interests – Ben Davis, Econsultancy
- Cutting Out the Crap – the truth about GDPR consent – Tim Roe, Econsultancy