You don’t have to be a European company to worry about General Data Protection Regulation (GDPR). If you have any customers in the EU then GDPR means that there are very specific marketing rules that you must adhere to. Failure to comply with these rules could mean hefty fines—up to 4% of their annual global turnover or 20 million euros (whichever is greater)—and angry customers.
What is GDPR?
GDPR is a strict set of guidelines for personal data protection across the 28 members of the EU. It’s a framework that dictates customer data privacy and data protection. The rules mandate:
- Data controllers must only retain and process data that is absolutely necessary, limiting access to personal data.
- The right to data portability—the ability to receive personal data and transmit it.
- A required internal record-keeping system for more synchronous regulation.
- A customer’s right to be forgotten—their personal information to be erased or made unavailable.
- Breach notifications within 72 hours for high-risk customers.
- A customer’s right to access and obtain personal information from data controllers.
For marketers, the most important element of GDPR is consent. Companies must request customer consent in a clear and easy form, and EUGDPR.org states, “It must be as easy to withdraw consent as it is to give it.”
Marketing Under GDPR
What does all this mean for your company? You’ll have to adjust your marketing tactics to correctly and consistently meet GDPR guidelines. There are three critical elements: data permission, data access, and data use.
Data Permission – Opt-Ins
Before gathering any data, your opt-in form requires significant investment. You must clearly ask for customers to provide consent for that data to be collected. It’s not enough to say, “click here to sign up for our email.” Instead, your customers must freely give their consent specifically and unambiguously. It must be a clear affirmation.
What this means is that your opt-ins must be a deliberate choice. For example, when visitors fill out a form on your website to sign up for something, such as a free trial, you cannot automatically assume they are also agreeing to receive emails. Instead, you now must include another opt-in that your customers must click to agree to receive newsletters.
For marketing, this means that you’ll need to be more targeted when trying to grow your customer base. One way to do this is to rank your potential customers (prospects) based on their intent. In this way, when you reach out for an opt-in, you’re more likely to gain consent.
Data Access
As a marketer, you’ll have quite a few responsibilities when it comes to data.
First, you have to make it just as easy to revoke customer consent as it is to give it. Your customers should be able to not only remove outdated or inaccurate personal data, but to also completely remove their data and all access to it.
Second, you must provide your customers with a way to easily access their personal data. They must be able to view a customer profile where they can manage their data and permissions to opt-in or opt-out at any time.
To answer these two responsibilities, there are a few things you should do:
- Write a clear privacy policy that explains how you will use customer information, what information you gather, and how it will be protected.
- Include an unsubscribe link in every email and in an easy-to-find location on the customer profile.
- Whenever you collect customer data, create a customer profile that allows users to manage their data information and subscription preferences.
Data Use
Perhaps, most importantly, you must only collect necessary data. Too often, companies collect more data than they need, but you can no longer do this under GDPR guidelines. For all customer data, you must justify why you need it.
To ensure you do this correctly, you’ll need to have a “use” or “focus” for all data you collect. And the best way to do this is to identify legitimate customer interest first.
Using Aberdeen’s intent data, you can discover pertinent contacts and “look alike” prospects” before collecting customer data. From there, it’s easy to determine the relevant customer information to collect and to provide a “use” for all data.
The good news is that GDPR is actually a wonderful opportunity for marketing campaigns to go to the next level and engage with their potential customers like never before. The key to success is making sure that you gain explicit customer consent before collecting any data, providing the “right to be forgotten,” and being transparent about what data you’re collecting and why. From there, you can be as creative as you want
