There seems to be ever increasing discussion within the marketing industry at the moment as organisations realise they need to prepare for the new General Data Protection Regulations (GDPR), coming into force on 25th May 2018. Alongside the GDPR regulation changes there is also an update planned for the E-privacy laws, both of these updates will effect email marketing (opt in), SMS Marketing and cookies attached to websites. These new regulations will effect the whole business, HR and Marketing teams will be most effected, because they hold uniquely Personal Identifiable Information (PII) for their employees, customers and teams. The regulation will apply to all businesses who have, process and manage PII data, so even if you are a small business you may still need to take some action.
The result of non- compliance could be a hefty fine, Flybe and Honda have recently been fined £83,00 for breaking the Privacy and Electronic Communication Regulations (PECR) which will be replaced by the GDPR regulation.
So what are the new GDPR regulations?
The General Data Protection Regulation (GDPR) is a regulation which the European Parliament is enforcing with the primary aim of giving citizens back control of their personal data. It will apply to all countries within the EU or those who wish to trade within the EU, so it will not be effected by Brexit. Businesses that store, process and manage any European personal information will still need to comply.
So what does this mean for marketers?
Marketers may hold PII data about customers, clients and prospected contacts such as names, addresses, email address and perhaps information regarding preferences, age, political persuasion, etc. There is still some uncertainty as to the complete impact that the new regulations will have for marketers and if you are compliant with the current data regulations then you are part way there. The Direct Marketing Association has outlined that with the introduction of these regulations, there will be changes for the way organisations manage their email marketing and the way they collect and record date opt in (DMA 2017).
What will GDPR mean for my marketing campaigns?
The Information Commissioner’s Office (IOC) has issued a draft GDPR Guidance document to help guide marketeers and businesses understand what they need to do to be compliant, the key points are:
- Unbundled: Consent should be requested separately from other terms and conditions, so individuals are clear on what they are signing up for, consent should not be a pre-condition of purchase or an assumption.
- Active Opt in: GDPR makes it clear that opt- in boxes should be used, perhaps moving more towards the US approach rather than ‘assuming you are opting- in unless you tell me’.
- More Control: The IOC want organisations to be as detailed as possible, which means giving customer more control over what they are signing up for.
- Named: Always tell your customer who your organisation is and clearly explain which 3rd parties their personal data maybe shared with, they need to be specifically named.
- Documented: Maintain records of the consents you have eg: what your customer has signed up to, what they were told and the method of consent, to what extent small businesses need to collect this will become clearer with time.
- Easy to unsubscribe: Customers should easily be able to opt out, it maybe businesses need to show that data has been erased.
- Freely given: Consent should be freely given by individuals.
So how does this impact a small/ medium business?
If you are a small/ medium business then naturally the assessment and implementation of the above changes in regulation are going to be a lot quicker to assess and respond to. If you use email marketing as a way of connecting with your customers and use tools such as Mail Chimp and Constant Contact then they are already complying with a lot of the above. However, it will be interesting to see how their tools and systems evolve over the next few months in response to the above. Watch this space!
Of course if you feel that you need a more specialist review of how GDPR will impact your business, not just impacting your marketing then you could call a spcialist to help you review, CLICK HERE for more information.
It will be interesting to see how the implementation of this regulation unfolds before May 2018 and how organisations respond to the challenge. Tell us know your challenges and experiences.
CIM: “What marketers need to know about GDPR?” Webinar 8 May, by Duncan Smith