How will GDPR affect Digital Marketers?

07 July 2017

There’s now less than a year until the EU’s General Data Protection Regulation (GDPR) is officially launched (25th May 2018). Firstly, what does this new legislation entail and more importantly, what does that mean for your online activity?

We’ve been researching the effects GDPR will have on our marketing channels and here’s a roundup of 6 important points you need to know:

1. Why was the GDPR introduced?

In the 20 years since the implementation of the Data Protection Act 1998, we have moved from using dial-up internet on desktop computers to using superfast, wireless broadband on smartphones.

Digital messaging has overtaken snail mail as the main channel of day-to-day communication and the global nature of cyberspace means that even if we are communicating with someone in the same room as us, our communication may be visible in some way to a company on the other side of the world.

The sheer scale of technological change over the last 20 years has necessitated a significant update to existing data protection rules.

2. How do I know if GDPR applies to my organisation?

Assume it does unless proven otherwise, because the scope of the term “data processing” is now very wide.

Basically, if you touch an individual’s private data in any way, shape or form, be it collecting it, storing it or passing it on to someone, you are considered to be processing data.

Even just taking down a name and phone number to return a call would be considered data processing. In very simple terms, if you run a business-to-consumer company and/or undertake any form of direct marketing and/or have any form of loyalty programme, then you are almost certainly going to find that your activities fall within the scope of the GDPR and you may well find that you need to appoint a data protection officer to be in compliance with it.

3. It’s opt-in, not opt-out

One of the biggest challenges we will face once GDPR comes into practice is opt-in as opposed to opt out when collecting data from customers. In terms of digital channels, this will most likely affect email in the most significant way. Customers will now have to consent to companies using their information.

The GDPR clearly defines consent as:

“…any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed”

The term ‘freely given’ essentially means that handing over personal information is a genuine choice by the individual. If the data is not necessary for the service or transaction, for example a street address or secondary email address, then there is no reason to collect it unless consent has been given.

If a customer has purchased from you in the past, they will now have to opt-in to receive marketing emails.

4. Your data needs to be deleted

Once the GDPR comes into practice, all customers have the right to be forgotten. This is one of the most important aspects of the new legislation as it allows customers to regain control over their information and how it’s being used by businesses. It must be simple and easy for customers to remove their data, especially if they are unsure why it’s there in the first place.

We don’t necessarily see this as a bad thing. According to Forrester, “77% of consumers have chosen, recommended, or paid more for a brand that provides a personalised service or experience”, so this will most likely lead to our databases becoming more relevant and targeted over time. Data will be collected in a more strategic, streamlined way which will increase the effectiveness of our digital marketing.

5. What happens if I just ignore it?

It’s unclear how the GDPR is going to be enforced but, if you get caught breaking the rules, you risk some hefty fines. At this point in time, the Information Commissioner's Office (ICO) can issue a maximum fine of £500,000 (although in theory it can also pursue criminal prosecutions, which could result in prison sentences).

By contrast, the GDPR allows for fines of €20 million or 4% or annual global turnover – whichever is higher. That would be quite a risk to take.

6. Be prepared!

Although it may seem like a long way off, you should definitely start preparing for these changes sooner rather than later. Many companies will need to reshape their database building strategies in order to comply, including how the data is collected and stored. The GDPR is a real game-changer for digital marketers. Although there will be challenges to overcome, we believe that it will lead to new, exciting marketing opportunities. We’ll be able to develop more thoughtful, strategic approaches to targeting. Those who opt in are much more likely to convert due to higher engagement levels. We’ll also see better relationships between businesses and prospects because consumers will have more control over how their data is used.

Over the coming months, we will be providing more info on our blog on how GDPR affects specific aspects of digital marketing, and advising our clients on the steps they need to take to ensure compliance. For the time being, more info can be found here:

and here