July 10, 2019

The Impact of GDPR on digital marketing

The most recent law about data protection is the GDPR. You probably might have noticed the flurry of emails notifying you of an update in their privacy policies and Terms of Use agreement from your favourite social platforms or online stores. Yes, it’s because of GDPR – General Data Protection Regulations. This law is changing the web landscape dramatically. The GDPR is more extensive in scope compared to previous data protection regulations.

After the news of the manipulation of voters’ data by Cambridge Analytica, a data firm, broke out early this year, the EU took proactive steps to prevent such occurrence from reoccurring with the data protection regulation which took effect on May 25th, 2018.

What does this mean for digital marketing and marketers in general? Although the impact of the regulation spans all industries, it affects the digital marketing industry the most as it gives customers more control over data that is collected from them. Another reason why a lot of marketers are terrified is the speed at which the legislation was enacted. While this regulation covers only those in European Union countries, it’s almost very difficult for any business which operates on the internet to single out itself from this recent development as you could come across clients from the EU at any given time. Companies whose businesses are customer-data intensive like digital marketing companies, who continuously mine customer profiles for personalized campaigns, brand messages, or personalized customer experience are going to have to put on their thinking caps and have their house together as the era of tight marketing has ended.

The internet, just like everything that has immense benefits, also has its drawback.  Every day, people’s personal information is being collected at an incredible rate online. The websites you visit, places you travel to, photos, calls, all of your activities, as long as you make use of the internet is being recorded and leaves a digital footprint which has become a prized resource.

Lately, consumers demand to be in the know of how their data is used and stored by companies. They no longer have the conviction that companies do enough to protect them.

What does this imply?

It means that companies looking to collect information from users must get explicit consent from them, using plain terms, stating how the data of the intends to be used by the company and companies must provide an easy way for users to acknowledge and consent to the use of their information. Under this regulation (name, address, race, ID number, health stats, political opinion, cookies, RFID tags, IP address, and geolocation) of individuals all considered as privacy data. Simply put, companies must build in privacy settings into their websites and products, and switch them on by default.

These are manageable but significant changes that data-driven or data-intensive companies must comply. This regulation is legally binding as it is not a directive, failure to comply can cause heave GDPR fines slammed on your organization.

How does this impact digital marketing?

If you are a digital marketer, or you run a digital marketing agency, this is a big deal considering our analytics are drawn from data. We refer to personal data as anything that can be used to identify a person directly or indirectly. It could be a name, email address, photo, post on a social media sites,  bank details, IP address and more.

Before this legislation, digital marketing companies or marketers could afford to just mine data from the internet, get a person’s information, segment this data and start an email campaign or reach out to a person via cold calls for lead generation. To play it safe, we would add a disclaimer by the Unsubscribe link usually at the bottom of the mail. Sadly, this cannot suffice anymore as the GDPR brought in three main changes that directly affect the digital marketing industry. They are:

Territory: Regardless of where your business is located, if you must process data of any EU citizen, you must comply with GDPR.

Penalty: Failure to comply can cause the EU to slam a huge fine on your company. This fine could get to as much as 20 million euros or 4% of your annual turnover – whichever is greater.

Consent: The EU stated in Recital 2 that “Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her. Pre-ticked boxes or inactivity should not, therefore, constitute consent.”

As a digital marketer or agency, here are what to consider when strategizing your marketing:

Opt-In / Opt-out

Soft opt-in or implied consent is no longer optional for “Business to Consumer” personal data. If a visitor must fill a form containing personal data fields on your website, it should be stated clearly where the data would be used, and the individual must consent to it before using. No more cold emails or phone calls, people need to confirm that they want to be contacted before you reach them over the phone or mail.

Also, users who opt-in should be able to easily Opt-out whenever they chose. This can, however, come in the form of an Unsubscribe link in the cases of email marketing campaigns which takes the person to a page where the person opts-out completely.

Less Data on forms and files

Since the decision to opt-in lies with the individual, organizations must also ensure online forms and fields are GDPR compliant. Considering the data collected is for a specified purpose and would be clearly stated by the organization for the knowledge of the individual, forms and fields must be relevant to the stated purpose.

Data Security

The security of collected data is important. Companies must ensure that the data stays with them and not shared amongst or with a third party.

If you must use a marketing tool, ensure the tool has a defined and clear statement on compliance with GDPR regulations and how well they secure their data. However, it is advisable that you include in your privacy policy that you may be uploading and sharing data to third-party sites. This should be stated clearly in simple terminology.

In the case of a data breach, the GDPR mandates that it must be reported within 72hours of its occurrence.

Legitimate Interest Marketing

If a digital marketer or a business chooses this path for their direct marketing, then it can send email marketing on an opt-out/Unsubscribe grounds, but keep in mind that this route doesn’t get around the GDPR regulation. This can only be done on the basis that all other aspects have been met otherwise having to prove ‘legitimate interest” may be more difficult to do legally. Here’s a checklist to get started:

• Have a defined opt-in status for all your contacts.
• Let it be GDPR compliant for new contacts.
• For existing contacts, create opt-in campaigns.
• Include GDPR sales and marketing compliance.
• Get prepared for information requests and security breaches.
• Have a review of third-parties that work with your data.
• Create a privacy page.
• Do a clean-up of your database.

Indeed, GDPR has brought a dramatic change on the way customers/ consumers/visitors data are being handled. In the world of digital marketing, transparency has become mandatory. This transparency would help digital marketers and agencies grow valuable, stronger, and relevant relationships with consumers and customers.

More so, because you are going to be re-evaluating your digital marketing strategies, it might just be the needed opportunity to clean and trim your database, update your privacy policies and the likes, to make it clear to your subscribers what their data you have is being used for, how they can make edits or modify this data, and how secured their data is.

At the end of the day, you might be left with a handful of subscribers but they will be those who look forward to hearing from you, those who value your product or services and your company, and above all loyal to your brand – nothing beats brand loyalty in business.