With less than six months to go until this landmark legislation comes into being, the General Data Protection Regulation (GDPR) is going to fundamentally alter how organisations and businesses deal with personal data of EU citizens.
Marketing teams will have to help to create a culture of transparency and data privacy, and email campaigns will have to change accordingly.
Embracing GDPR’s many opportunities not only offsets the likelihood of being hit by large fines, it also teaches marketers about the value of data protection and enables firms to galvanise the trust of clients and customers in the digital age.
How will email marketing change?
A key part of GDPR involves giving power back to the data subject, so that people themselves have the final say on who their data is held by, for how long and for what reasons.
Demonstrably working to uphold these ethics will bring peace of mind and greater confidence to businesses and individuals with whom your company works, helping to reassure that information will not be misused in your hands.
After the purging of old or unauthorised data hoards, marketers should be left with only the freshest, most relevant and compliant data pertinent to their needs, which in turn will ensure subscription lists are of significantly higher quality.
What new obligations will fall upon marketers?
Under guidance published by the Information Commissioners Office, marketers will need to factor the following considerations into future email marketing campaigns:
Unbundled: When you ask for consent of data use, the question should stand alone from weighty terms and conditions so that data subjects can clearly see what they’re giving up. Consent will not be assumed as a result of a customer signing up to a service, unless that service specifically requires it.
Active opt-in: The data subject’s consent relies on the clear opt-in boxes being used. Pre-ticked boxes will not be sufficient to confirm consent.
Granular: If different degrees and varieties of data handling need to take place, the data subject should be made aware of each difference and separate consent should be given for each instance as far as is possible. This measure means consumers will have maximised control over the data that they are submitting for processing.
Named: Marketers will always have to tell data subjects the name of the data-handling organisation, along with the names of any third parties with whom the information may be shared. For example, stating that information may be shared with other car dealers will not be clear enough. Each recipient organisation will have to be named.
Evidenced: Records will have to be kept of all instances of consent given. This documentation will detail what the data subject has consent to, the information they were given which facilitated consent, and the method of consent.
Easy to withdraw: Data subjects should be able to take back their consent easily and quickly under GDPR. Marketing teams will have to make efforts to facilitate this option to withdraw in email transactions.
No imbalance: Marketing teams will have to work to ensure that there is no power imbalance between the data subject and the organisation. This might manifest itself, for example, in marketers reminding data subjects about what they have given consent to, and regularly asking for consent to be renewed or reconsidered. Ultimately, the data subject must free and in control of their data, even though they have consented its use to an organisation.
The risks of non-compliance
If a data breach is discovered, GDPR officials will call first upon HR for evidence on staff training. Companies should note that only properly trained staff will be allowed to handle data under GDPR.
More alarmingly, a failure to comply could bring a heavy financial penalty to organisations – either 4% of turnover or a fine of €20 million, whichever is the larger.
With GDPR arriving on May 25th 2018, bosses must do all they can to seek professional guidance to ensure full compliance. Data security is about to catch up with the speed of business in the digital era.
Attend the GDPR Summit London on 30th January to understand how your marketing team can take advantage of the opportunity that the GDPR presents.
The event will feature a Roadmap for Marketers theatre, hosting a wealth of expert speakers from data protection and marketing to provide you with an in-depth understanding of the issues marketers face under GDPR.
By Steven White, Features Editor, GDPR Report
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
comments powered by Disqus