Now, we’re no legal experts, but we have done a little research on how the GDPR might affect content marketers over the coming months. While you should always seek expert advice, this blog should help you understand some of the basics about these new regulations.
What is the GDPR?
GDPR is the acronym for the General Data Protection Regulation. It’s an EU initiative, designed to bring data protection laws into the 21st century and beyond.
It’s about time too! The last update to regulations was back in the year 2000, when dial-up-modems were all the rage and ‘N Sync topped the charts with ‘Bye Bye Bye’!
So, we can safely say these rules are way out of date. Internet usage has shot up, our devices are a million times better these days and our use of data has increased massively.
The GDPR initiative is set to change how data is used by companies, and the control individuals have over their data. Sounds good, right?
What’s happening with data right now?
Data is power in the 21st century, so many companies invest heavily in collecting it.
They frequently swap or buy data to reach new audiences, and try methods such as cold emailing and spam messages to boost their revenue.
However, there are other (more legitimate) ways to collect data. When someone enters your site to download a white paper or sign up to a specific mailing list, marketers try to collect a host of details from them, including:
- Email address
When a visitor returns to a page, marketers use their behavioural data to make recommendations and target their specific needs.
This may sound relatively harmless, but sometimes this data can be abused, and visitors can become inundated with content that they didn’t sign up for. This causes frustration and ultimately leads to unsubscribes, so it would be great if we could fine tune our processes … enter the GDPR!
What will happen once the GDPR initiative goes live?
The GDPR comes into effect on 25 May 2018. From that point on, everything will be centred around consent – something the top bods at Hollywood could learn a thing or two about!
For every individual that gives a company their data, there must be a clear and traceable record of how and why they agreed to their personal data being stored. Sorry guys, a pre-ticked box is not going to cut it!
The GDPR initiative also emphasises a visitor’s ‘right to be forgotten’. This means they can retract their consent at any time, and their information must be permanently erased.
These changes will affect the data of 750 million EU citizens – that includes UK residents (Brexit hasn’t quite happened yet)! Marketers from around the globe will have to be careful about how they handle EU data as the consequences of non-compliance are severe.
Fines for failing to comply range from £500,000 to a maximum of £18 million, or 4% of your global revenue – whichever is greater. Not many businesses can afford that kind of cash, so you should really look into the GDPR initiative today!
What does the GDPR initiative mean for marketers?
First of all, the GDPR initiative will come as a huge shock! According to HubSpot, only 36% know about GDPR and 15% have done nothing and are at risk of non-compliance.
Once marketers know what’s going on, they’ll probably panic. A LOT.
Data-driven marketing has become much more popular in the last few years; 64% of marketing executives ‘strongly agree’ that this type of marketing is crucial to success.
Why? It meets the current demand to deliver more relevant communications and be more ‘customer centric’ according to 53% of marketers. However, that only applies when data is used correctly.
This increase in popularity has led many marketers to invest in data-capture technologies. These will still work after the GDPR initiative is put in place, however this technology may need some tweaking to ensure it conforms to the new rules.
However, for marketers who have bought prospective customer data-lists, it becomes a little more problematic. None of these individuals have opted in to receive communications from the company, so these marketers could easily be accused of breaching GDPR rules.
Email marketing is set to change
All subscribers must now opt in to your email lists. Consent must be ‘freely given, specific, informed and unambiguous’. This essentially means that you must explicitly state your brand is collecting data, what it will be used for and any terms and conditions around it.
This will certainly change the way marketers boost their general mailing lists. Currently, if a visitor enters their email address to get a free white paper, they’ll automatically be popped onto the general subscriber list. However, under GDPR, they cannot be added to that list as they did not consent to it.
We suggest that you start reaching out to your subscribers now, before the big GDPR initiative comes in. Outline what the changes mean for them (in plain English) and what their next steps are.
Try to make your communication stand out, as we’re sure many other companies will be firing out similar comms over the coming months!
There’s no need to panic – GDPR is a positive step for content marketers
First things first, it reduces the advantage that larger companies with large volumes of data have. It levels the playing field which means companies now have to better each other on one thing – content!
The average marketer’s job is about to get much harder as they’ll need to consistently create high-quality, relevant and creative content that attracts consumers and earns them the right to speak to them. Marketers should already be doing this, but everyone’s going to have to kick it up a gear in 2018, so don’t get left behind!
There’s another benefit to the GDPR; it appeases any worries your subscribers may have. Your audience will control how and when its data is used, which helps foster a more transparent and honest relationship. What could be better than that?
How to prepare for the GDPR initiative
Like we say, we’re not experts – but here’s some advice on how to start preparing for the GDPR initiative.
1. Be transparent
Transparency is important for all aspects of content marketing, but especially data collection after the GDPR initiative comes into effect.
You must communicate what the data is going to be used for in simple phrasing and tell visitors about their rights to withdraw consent.
Try to offer as much information as possible, as this will help build trust between you and your potential recipient. You never know, it may encourage them to sign up for other lists too!
2. Take only what you need
According to the GDPR, you should only collect data that’s adequate, relevant and limited to what’s necessary for the intended purpose of the collection.
It makes sense – you only need to collect an individual’s name and email address. A couple of supplementary (but relevant) questions would probably be fine … just don’t overdo things!
3. Be serious about storage
Under the GDPR initiative, you can only use data for the purpose that the individual consented to. If you plan to transfer or share details with another company, you must get consent from the individual.
Security is an important part of the GDPR initiative. You must take ‘appropriate technical and organisational security measures’ to protect against unauthorised processing, accidental loss, disclosure, access destruction or alteration’.
You could consider encryption, pseudonymising or anonymization to add an extra layer of security.
4. Think about accuracy and accountability
All collected data should be accurate, however if something changes or there’s a blip, individuals will be able to ask organisations to update their data.
It is up to the organisation to ensure that data is correct, and their practices comply with the GDPR initiative. You must keep records which can help prove that you have acted in accordance with these rules. This could include:
- Screengrabs of when and where the individual has consented
- Consent forms, safely stored by organisation
- Policies in place governing collection and use of data
- Appointing a Data Protection Officer (DPO)
It is important that all of these are easily accessible and can be produced on demand. Otherwise, your company could face severe ramifications.
5. Keep data only for as long as is appropriate
You may only keep data long enough to fulfil the intended purpose of collection. And, if an individual requests deletion you must comply and confirm it to them.
However, this does not just include deletion from your databanks, it also includes that of downward vendors’ systems who process data on behalf of your organisation. Remember to record any correspondence confirming this, as otherwise you might breach the GDPR initiative.
So, that’s it. A brief overview of the GDPR and how it might affect content marketers. It sounds scary, but it could well be a force for good.
However, you must ensure you know exactly how it works and comply fully to its regulations. We’d suggest seeking expert advice to make sure you’re fully in the loop when the changes come into force. Good luck!