GDPR for marketing

What do you need to know about GDPR?

GDPR will affect both us and our clients. As a responsible agency, we feel it’s important to ensure that our clients are compliant with GDPR regulations prior to the commencement date to ensure that they’re not misusing customer data and are not at risk of receiving a huge fine for breaching this new set of rules.

What is GDPR?

The new General Data Protection Regulation (GDPR) is being brought into effect on 25th May 2018. This new set of regulations will set a new standard for companies that collect consumer data and will require them to change the way they collect, store and manage data and the processes used to do so.

This GDPR legislation not only applies to the collection of an individual’s personal data such as their name, email address and date of birth but also includes an individual IP address and cookie data.

The GDPR legislation covers all EU member states to ensure that all of these countries are held to the same high standard when it comes to protecting personal data and privacy for EU citizens. The new changes will affect all existing security systems and protocols and aim to provide better regulations across all exportation of personal data to outside of the EU.

What areas of GDPR affect marketing?

When it comes to marketing, GDPR is likely to affect your activities, whether you undertake them in-house, or outsource to an agency. GDPR aims to protect data meaning that your whole system of databases will all need to be reviewed prior to the GDPR changes.

The three core areas that GDPR and marketing overlap are:

• Data permission – opt ins/opts and consent
• Data access – a customer’s right to be forgotten
• Data focus – the legalities of processing personal data

Are there any other areas of GDPR that you need to be aware of?

GDPR not only affects your marketing activities but also the overall behaviours of your business. The GDPR legislation affects the data of your customers but also that of all stakeholders, including employees. The core GDPR changes will allow individuals to have:

• The right to access – The individual’s right to request free access to the personal data that a company holds on them. The company must provide a copy of this data, free of charge, at the request of the individual.
• The right to be forgotten – The individual’s right to withdraw their consent for a company to store and use their personal data. They can also ask for their data to be deleted completely.
• The right to data portability – Whereby an individual has the right to transfer their personal data from one service provider to another.
• The right to be informed – This section encompasses any gathering of data, whether this is by companies or individuals, and the necessity for these data collectors to expressly inform consumers how and where their data will be held if they opt-in. This must be clear and not deliberately misleading.
• The right to have information corrected – This section allows individuals to ensure that companies only hold accurate information on them.
• The right to restrict processing – An individual can request that their data is no longer used for processing, however, the information on their record can remain in the database.
• The right to object – This section allows individuals the right to cease the processing of their data, which must be enforced at the time of the request, with absolutely no exceptions.
• The right to be notified – Should a data breach occur, which includes the compromisation of an individual’s data, the holder of the data must inform the consumer of the breach within 72 hours.

How can you ensure you are compliant?

Although some terminology in the GDPR appears to be left to an individual interpretation, for example, it states that a company must provide a “reasonable” level of protection for personal data. For many of us, our version of reasonable may differ from our peers or other companies in the industry. This also allows the GDPR governing body a considerable amount of leeway when it comes to assessing breaches and determining the resulting fines for non-compliance.

With this in mind, we recommend that you always contact your account manager, should you have any questions or concerns about how you are using, collecting and storing customer data.

What happens if your business fails to comply?

If your company fails to comply with the GDPR legislation, your business could face a fine of up to 4% of your annual global revenue or €20 million, whichever is the greater value. This hefty fine reiterates the importance of ensuring compliance across the board within your business and justifies introducing extra training for all of your workforce, well ahead of the 25th May implementation date. Not only is a huge fine enough to ensure companies comply, your business could also cause permanent damage to your reputation and customer relations, by failing to align your processes with the GDPR legislation.

If you have any questions, concerns or want to know more about GDPR, get in touch with LITTLE today. We provide bespoke website and graphic design services and project or retainer based end-to-end marketing campaigns, to suit all niches.