GDPR might seem like a dry topic or dull legislation, but the fact is that the GDPR coming into force on the 25th of May this year is an amazing opportunity for marketers and something to get excited about.
Let’s start with the slightly less exciting bit: what GDPR is and the background to it.
The storage and handling of data was governed by the Data Protection Act 1998 (“DPA”) but this will be replaced by the General Data Protection Regulation (“GDPR”) from May 2018. This will provide a more robust set of rules for the collection, storage and processing of personal information. The GDPR is a regulation that provides a legal framework that will apply to all members of the EU.
If a business collects, stores or uses personal data from residents of the EU then GDPR applies and now there is a legal obligation for compliance, with serious penalties for those that don’t comply. Personal data is any data from which a living individual (data subject) can be identified. Examples of personal data include things such as name, address, gender and date of birth. Even an IP address can be an identifiable piece of information.
Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What do I do with my email marketing list?
One of the first things that comes to mind for a marketer is what do I do with my email marketing list?
Dealing with your existing email database to make sure you only have consenting customers on it might be a bit of a challenge, but there are ways of making sure that you have the right data and that it is dealt with in the right way. For example, you can run a re-opt-in campaign and clean your list, host a giveaway, run a Facebook remarketing campaign to a custom audience, or even call your subscribers. If you can provide evidence that the emails on your list have actively opted in to receive your emails, you’re good to go.
It might seem like a daunting task, but just think about the increase in engagement rate and conversion rate you’ll have from an email list whose subscribers have all actively (and recently) opted in to receive your emails!
When you work with an email list that is GDPR compliant, you have an active and engaged audience, which makes it even more important to think about the data you are profiling. Are you using education and profession data, location data, buying habits, social media information, IoT data, internet and browsing history to optimise your emails?
Consumers want tailored, shoppable, location-based emails that are easy to navigate. This is a perfect time to think about the opportunities GDPR creates for your email marketing and utilise them for a more personalised, experience-centric approach.
What other things do I need to do?
As a marketer, you’ll inevitably be using software and tools that to some extent collect data. Make sure you create a list of all the software and tools you use and ensure they are all GDPR compliant. That way you know the data you’re collecting through them is compliant when it gets to you, as you’re ultimately responsible for the data you’re using regardless of where it came from.
Your company should have an appointed person who can act as the data protection officer. It would be this person’s job to make sure that processes and tools are in place to be able to process personal data in a GDPR compliant way and that data can be found and deleted easily upon request. It is also important for all staff to be aware of the ins and outs of GDPR and the new ways of processing this data, which means some form of internal training will be essential.
Start mapping out all the personal data you hold, old and new, and ask yourself these questions:
- What data have you got and what do you use it for?
- Have you got more than you need, and do you keep it longer than you should/need?
- Is the data used for what the individual would expect you to use it for?
Making sure you only use the data for what you’ve stated you’ll be using it for, and that you’re transparent in communicating this, will be key under GDPR. Essentially, only collect the very minimum amount of data required to achieve your aims and ambitions and communicate what this is clearly to the customer. By doing this, you’ll have a well-informed and happy customer and you’ll have data that is accurate and up to date – that’s surely something to get excited about?
GDPR checklist to prepare for being compliant:
- Awareness and training – Make sure that key people and stakeholders in the organisation are aware of GDPR and its implications, and that any relevant training is provided.
- Data protection officer – Appoint a data protection officer to be responsible for data protection compliance. You might not legally be required to have one, but it will be helpful to have a go-to person for all things GDPR.
- Information analysis and audit – Document all personal data you hold, both from customers/clients and staff, where you hold it, for how long, how it’s being used etc. and do an audit to ensure compliance.
- Process plans – Check all procedures to make sure they cover the individual’s rights to have their data removed, and how you deal with such requests.
- Consent and basis for storing data – Think about what the lawful basis is for collecting and storing any personal data you have.
- Data breaches and assessments – Make sure you have the right procedures in place to detect, report, and investigate any data breaches.
Still feeling helpless?
Fear not. We’ve got an in-house team that can help you with anything from creating new policies to running an opt-in email marketing campaign. Just get in touch today and we’ll help you in your mission to get GDPR compliant.