How GDPR will change nothing and everything.
At the time of writing, we’re roughly 7 months away from the introduction of GDPR or General Data Protection Regulation which comes into force on the 25th May 2018. A quick Google search for GDPR pulls up a host of PPC ads asking you “Are you ready for GDPR?” and “GDPR Compliance – What you need to know”. If you delve a bit deeper you’ll probably find some highly emotive headlines telling you the world is going to end, the EU are going to fine you 20m Euros, the dead will rise from the grave, dogs and cats will live together… you know the drill.
What is GDPR?
The general concept behind GDPR is similar to that of all recent online data usage regulation. At its core GDPR seeks to provide more power and control to consumers over how their data is collected, shared and used. The regulation will broaden the definition of what personal data is, and will include data pertaining to genetic, mental, economic, cultural and social identity. Additional rights will be included in the regulation including the right to be forgotten and the right to have your data moved from one platform to another.
How will GDPR affect your business?
If you don’t store customer data then in real terms it isn’t going to make any difference to how you do business, however, if you collect email addresses or you purchase data (does anyone still do this?) then now is the time to get your house in order.
In some cases, GDPR will result in companies making structural changes to their IT infrastructure so that data privacy and security sit at the core of their business ideology. Default sharing and/or ambiguous descriptions about how customer data will be used will no longer be acceptable and businesses will be required, at time of capture, to be very clear about what exactly is being done with consumer data.
Any breaches of information notification systems will need to be notified within 72 hours and companies with large data banks on customers (banks, high volume online stores etc) will need to appoint a Data Protection Officer, whose role will be looking after the data policy of the company as well as implementing the data privacy impact assessment (DPIA).
Time to get your house in order.
If you have an email signup form from a supplier like Mailchimp then again you can rest assured their data policy is already excellent. If you use their single opt-in method, then consider switching to the double opt-in method which includes an extra confirmation step that verifies each email address. This will result in some drop-offs at the second step, but the ones you do collect will be of extremely high value.
The new regulation introduces requirements to simplify the process of customers asking for deletion and modification of their data from your system. Which, when you think about it, is actually a good thing. Gone are the days of mass emails to thousands of disinterested potential customers. Our focus should now be on high quality tailored content, served to small engaged audiences. As a Ford car dealer for instance, what would you rather have, an email list of 1,000,000 people who like ‘cars’ or 10,000 people who signed up for more information on the 10 new Ford Focuses, you just took delivery of? Which list has the greater ‘real’ value?
A new era? Yes and no.
This is going to make some fundamental changes to how we undertake digital marketing and will, without doubt, mean that more of our customers will move away from mass email lists and onto social media marketing. Which is undoubtedly a good thing. Businesses will need to start building trust with potential customers in order to convince them to share their data.
In order for this to happen, the focus needs to shift to towards great content being at the heart of all marketing activity. As the ‘much quoted’ Andrew Davis tells us: “Content builds relationships. Relationships are built on trust. Trust drives revenue.”