The newest data statute affecting the European Union, the General Data Protection Regulation (GDPR), is scheduled to become law on 25th May 2018. Even though a lot has already been said about the regulation, questions about how the law will affect specific areas of business remain. Marketing departments, for instance, often deal with personal information of current and potential customers, so knowing how the GDPR will affect their strategies—such as adding an email opt out option to their direct mail campaigns—is essential to staying in compliance and avoiding massive fines.
A quick reminder on the GDPR
The GDPR applies to any organisation that handles the personal data of EU citizens, with large fines for non-compliance. The goal of the legislation is to simplify existing data protection laws across the single market and to give private citizens more control over their personal data.
One of the main reasons behind the new regulation is our rapid digital progress. Technology is developing so quickly that the old rules (the UK’s Data Protection Act 1998, for example) are becoming increasingly outdated and not fit for purpose. On top of that is the arrival of big data and data analytics, making data big business. Consequently, marketing best practice over recent years has been, essentially, to gather as much data as possible about potential customers and analyse it later.
The emergence of the GDPR, however, could soon change this data grab. Thanks to an update in individuals’ rights, organisations across industries will have to be more discerning about the data they hold on individual people.
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Email opt out and the right to be forgotten
A quick reminder on the Opt Out list – when someone registers on your website, or signs up for a free e-book or promotion, in the small print they are giving their consent to receive emails from you. The opt out part of the name refers to their choice to unsubscribe and leave the list later. However, the implicit permission to contact them is there as soon as they give their email address.
While the GDPR isn’t reinventing the wheel, it is changing how we use the wheel. Organisations need to think about how their current business practices and strategies are going to be affected. For example, email opt out is nothing new in marketing; what the GDPR changes is how your organisation treats the data you hold on an individual who decides to opt out of your mailing list.
One of the individual rights incorporated into the EU’s data law is the right to erasure, also known as the right to be forgotten. The broad idea here is that an individual has the right to request deletion of their personal data that an organisation is holding on them. While the right to erasure is not an absolute ‘right to be forgotten’, the circumstances where an individual has the right to have personal data erased are much wider than they were under previous rules of the Data Protection Act. Click here to see a specific list of circumstances, as well as a more detailed look at the right to erasure.
The GDPR is a proactive act
Under the previous law, it was acceptable to remove a contact who had opted off your list while keeping their data on file. This doesn’t necessarily mean that a company that keeps data is going to sell it on to a third party, but the GDPR prevents something like that from occurring. Also, it means that as a business you need to actively search for, organise correctly and be aware of all the data that you hold and make sure it follows regulations. Whether it’s an email newsletter list or your CRM solution, the data you hold about your customers and clients needs to be monitored.
For example, the rules around consent are set to a higher standard, and options to withdraw that consent need to be always available. Likewise, the GDPR advises the use of the more proactive opt-in box rather than assuming the customer’s consent is implicit unless told otherwise. The level of detail your organisation needs to provide a customer about what they are signing up for also needs to be improved, and better documentation of records of consent needs to be maintained.
It might seem like a lot of extra work, but with the right planning, your organisation will be GDPR compliant without too much fuss.
Are you GDPR-ready?
At bluesource, our goal is to ensure that everyone is prepared for the new legislation, and that includes marketing agencies and in-house marketers. We provide a range of assessments to help recognise where you are susceptible to the changes and understand what you can do to be fully compliant. If you’re worried that you lack the tools or resources, then get in contact and let us help.
For more information about the GDPR and how we can help, contact us today.