Let’s start this post with some good news: GDPR won’t be the end of data-driven marketing. In fact, it may help companies be more effective, because they’ll more often be working with people who have indicated they are “ok” with sharing personal data with the company. If an individual understands why they’re opting into your messaging, and can see the value they’ll gain, that is the beginning of a trusting relationship.
However, the new GDPR rules limit the amount of data that marketers can collect about Europeans, who now have more options about what data companies can see about them. Marketers will need to implement new processes and technology when working with customer data. Here are some of the key things to think about:
The Double Opt-in
According to most GDPR experts, the recommended policy for marketing communications is what is called “double opt-in.” By default, the individual is not to receive communications. They first need to express an interest in “opting in” to communications. This can be done via a web form where they explicitly state that they are opting in. Once an active opt-in request is received, the company can send a follow-up communication to confirm the opt-in request (double opt-in). Until the confirmation is received, personal data cannot be used for any marketing communications.
Furthermore, details about the opt-in should be recorded in the system so that there is proof.
(Note – Opt-in is different from consent. Consent means you have permission to store or process data for the purposes you provide in your policy. Opt-in means that you have permission to send marketing communications. The consumer may have given consent to store and process data, but not opted in to communication.)
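The double opt-in flow described above, sketched as an added Python example (not code from the original post). The HMAC-signed confirmation token, the 48-hour link lifetime, and all class and field names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: per-deployment signing key
TOKEN_TTL = 48 * 3600             # assumption: confirmation link lifetime (seconds)

class OptInRegistry:
    """Marketing opt-in state per email address; the default is NOT opted in."""

    def __init__(self):
        self.records = {}  # email -> proof record kept as evidence of the opt-in

    def _sign(self, email, issued):
        return hmac.new(SECRET, f"{email}|{issued}".encode(), hashlib.sha256).hexdigest()

    def request_opt_in(self, email, source, now=None):
        """First opt-in: explicit request from a web form. Returns the token to email out."""
        issued = int(now if now is not None else time.time())
        self.records[email] = {"status": "pending", "source": source,
                               "requested_at": issued, "confirmed_at": None}
        return f"{issued}.{self._sign(email, issued)}"

    def confirm(self, email, token, now=None):
        """Second opt-in: the individual follows the confirmation message."""
        now = int(now if now is not None else time.time())
        rec = self.records.get(email)
        try:
            issued_s, sig = token.split(".", 1)
            issued = int(issued_s)
        except ValueError:
            return False  # malformed token
        if rec is None or rec["status"] != "pending" or issued != rec["requested_at"]:
            return False  # no matching pending request
        if now - issued > TOKEN_TTL:
            return False  # confirmation arrived too late; a new request is needed
        if not hmac.compare_digest(sig.encode(), self._sign(email, issued).encode()):
            return False  # token was not issued for this address
        rec.update(status="confirmed", confirmed_at=now)
        return True

    def may_send_marketing(self, email):
        """Personal data may be used for marketing only after confirmation."""
        rec = self.records.get(email)
        return rec is not None and rec["status"] == "confirmed"
```
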
Transparency is the key
GDPR requires marketers to be as transparent as possible with customer data. You need to demonstrate that an individual’s data is being treated with respect and held securely. Furthermore, you should demonstrate why you are collecting data (what is the purpose) and only collect what you need.
Simply put: tell your customers what you’re planning to do with their data and why (see Article 13 of GDPR on information rights for more details). Valid reasons for holding personal data may be: helping customers find what they’re looking for; making better recommendations; notifying customers of important matters (such as payments due or software updates).
You should also ask: Is all this data necessary, or are we falling into the trap of “more is better”? For example, with a website sign-up form, only ask for what you need. For B2B marketers, full name, email address and company name are usually enough.
The power now lies with the customer (as it should be)
With all the fretting about compliance, it’s easy to forget that the purpose of GDPR is to protect and empower individuals. GDPR gives people more control over how their data is collected and used – including the ability to access it or request its removal.
The right to erasure (or right to be forgotten) is one of the most talked-about aspects of GDPR. It gives people the right to have all personal data removed. As a marketer, it will be your responsibility to make sure that your users can easily access their data and remove consent for its use.
Of course, there is another way of looking at this. A majority of right-to-erasure requests will come after an unpleasant experience with the company. So, marketing responsibly and providing a good customer experience is just as important as putting right-to-erasure mechanisms in place.
GDPR is forcing companies to become more creative and more detail-oriented in how they interact with customers. Again, this isn’t necessarily a bad thing. Sure, it can be a bit unsettling to change your standard way of doing things, but anything that gives power to customers and helps companies better define their audience is a good thing.
To get started, read our new eBook: Getting Ready for GDPR – A Practical Guide.
Disclaimer: The content in this blog post is not to be considered legal advice and should be used for information purposes only.
Originally posted on March 1, 2018: Understanding GDPR Requirements for Marketing Communications