Digital marketing will not be the same when the General Data Protection Regulation (GDPR) enters into force in May 2018. Many of us use online customers’ data for different reasons, from content delivery to remarketing or cookies’ tracking to craft more personalised web journeys. How will GDPR impact marketing practices and what opportunities can we seize?
That’s what is at the core of the GDPR: the right to control how service providers collect and manage our personal data. This EU data law has major implications for digital marketing practices that have been based so far on tracking and automation. From May 2018, the opt-in permission rules will reign.
The GDPR’s fiveBefore diving into the way GDPR will change digital marketing, let’s review the five main aspects the law emphasises. Companies or service providers using customers’ personal data must:
2. Disclose how data will be used and who will have access to it (data access). 3. Enable data portability to allow customers to transfer their personal data between organisations. 4. Guarantee the “right to be forgotten” or the deletion of customers’ personal on-demand data when needed. 5. Apply “data protection by design”, i.e. technologies guaranteeing the security of personal data. |
Email marketing: what to do with your existing email databases
The GDPR especially impacts the way we do email marketing. Do you remember how articles announcing the end of this channel were flooding the web some years ago? Nothing was more wrong: in 2017, email marketing still has higher conversion rates than other digital channels like social media. GDPR marks, however, the end of it as a marketing tool for the masses, often disrespectful and spamming. We must all pay special attention to the way we build our email lists.
Answer these questions to figure out what you need to do to comply with the GDPR:
- Do my opt-in requests meet the GDPR requirements (data audit)?
Keep in mind that the permission or consent must be ‘freely given, specific, informed, and unambiguous’, as well as articulated by a ‘clear affirmative action’. In addition, the permission is channel-related and for a specific subject. For example, if your customer gives its personal data on LinkedIn to get an e-book, it’s not legal to add that information to your mailing list.
- If the opt-in permission practices don’t comply, how can I amend them? How can I get the proper consent?
- What’s the most efficient way to reach out to my customers or contacts listed in my mailing lists so they can upgrade the consent level?
- Do I have any technology to store consent forms electronically or in paper?
Storage facilities are key to complying with the law. You have to make sure the storage system is secure. To find an optimal solution, you can explore pattern identification and concept analysis technologies that combine discovery analytics and machine learning.
- If, at any point in time, customers ask to remove their data, how can I make sure it will happen seamlessly and timely?
The cookie game
Cookies also fall under the GDPR scope, as long as they can identify individuals through device tracking, combining information with other data or by treating individuals as unique. This covers a wide range of advertising/targeting cookies, web analytics cookies, survey and chat tools that record user ids in cookies.
Will cookies require consent? Yes, and therefore, clear opt-in. For example, if a visitor lands on your website for the first time, you must keep cookies blocked or turned off until the person takes any consent action. As with email marketing, permission is subject-specific or purpose-specific and, if the site uses cookies for different purposes, it has to get consent for each of them.
Website managers have to guarantee a smooth user experience when browsing and, at the same time, provide granular choice for consent in a way that friendly and the least intrusive.
Social media sites are also accountable
The “right to be forgotten”, one of the flagship rights included in the GDPR, and cybersecurity, are probably the biggest challenges for social networks. Most of us have eagerly signed up to them but what happens when you delete an account? Although social networks have made the deletion process easier, there’s still work to do. At the user’s request, companies have to identify and fully delete all data associated with an account.
The content marketing opportunity
Research shows that online users want personalised experiences but are also concerned about cyber security and privacy. How to fulfil these needs that seem contradictory, knowing that the GDPR calls for opt-in?
Businesses can focus on inbound marketing, boosted by content. Some professionals call it “content marketing”. Either way, what our customers, online visitors, social media followers or fans expect is useful, entertaining and timely content. This is the point where GDPR can play a major role as an enabler. It can be a driver of personalised, consented experiences, giving us more hints to create and deliver content, and harvest the business results we expect.
Gated content, organic and paid social media, website subscription pop-ups, webinars, event subscriptions, etc. can generate leads, enrich our customers’ experiences or drive sales or conversion. What we have to do now is make our audiences aware of what we’ll do with the data we collect and where we store/use it.
Why the GDPR will have a positive impact
Until the enforcement of the GDPR, you can still use email marketing the way you’ve done before. However, given the detailed nature of the process for full GDPR compliance, we recommend you start paving the way for May 2018 as soon as possible.
Data audits – the first step to take – are particularly lengthy and they shouldn’t be done in a rush. The software update or the search for one that fulfils your needs can also take some time. We trust CRM software vendors and online marketing platforms are currently working hard to put in place a storage function for keeping consent forms.
Laws like the GDPR clarify rules for users and service providers and not only boost innovation for compliance but also set the scene for developing new business models.
The GDPR compliance process is a good chance for improving market knowledge and even grow our customer base. The more data you gather from customers who give you “consent” (or opt-in), the more genuine prospects you’ll have and better possibilities for creating better online journeys. In business terms, it comes down to trading information for access, for both sides.
When it comes to digital marketing, we can translate the GDPR as a privacy-friendly and a customer-centric law. Also, the implementation of the GDPR could increase trust in your businesses.