GDPR, a challenge and a wonderful opportunity for marketing professionals
GDPR will be enforced as from next 25 May, although this European regulation came into effect in 2016. And although we should have taken action some time ago, if we have not yet done so, now is the time to act, on both a technological and procedural level.
ICT-related manufacturers and service providers are sharing a great deal of information on the steps they are taking. Their aim is to ensure regulatory compliance for “D-day” and to help their partners be prepared. Those, like us, who form part of this channel, must take the lead and be capable of providing solutions to the new needs of our clients. This is something which, as we saw in our previous post on IDC predictions for 2018, some members of the channel are already involved in by specialising in compliance-related consulting.
“Is the application of GDPR important for Marketers?” Yes, it will have a strong impact on our work.
Firstly, we can no longer use client data so gleefully. We must strictly abide by the already strict LOPD and ARCO rights (access, rectification, cancellation and opposition). But GDPR takes the regulation to the next level, compelling us to be much more cautious if we wish to avoid any setbacks.
But before we continue, we need to underline that GDPR protects people, European citizens. It therefore affects personal data, not corporate data. For example, it protects the use we make of an individual’s personal email; not the information relating to his company account when it has been obtained in a professional setting.
Our clients must clearly understand what data of theirs we possess and what we use it for. To do so, and when an organization has over 250 employees, we are obliged to document in detail how we process the data. These documents may be requested at any time. We need to keep them readily accessible and up to date.
We may only use this data for the purposes for which it was furnished. Once this purpose has been served, be it a competition, campaign, contract…etc. we must delete it. This is “too complex a process” for 90% of companies according to the Symantec State of European Privacy Report. And one for which 60% of organizations have not prepared their information systems.
This is fundamental in preventing any data leakage. And closely related to this is another important parameter: the integrity of the information and confidentiality in the use of same.
Unequivocal consent to use the data
This is undoubtedly a complex issue. The regulation indicates that consent must be freely given, informed, specific and unequivocal. It cannot merely be “deduced” from the data subject’s silence/omission. Tacit consent ceases to be legal and we must then be able to demonstrate that the user lent their permission.
Right to erasure and portability
If our organisation has already adapted to the current law as regards the right to erasure, we have nothing more to do. Yet portability itself poses an additional, important challenge. We must be able to compile the data and give it to the person in a “structured and commonly used format” so that it can later be utilised. Again, a complex technical question… Is there a standard? Well no, not really.
We’ve left this to last, but it’s not exactly the least. Our teams must be perfectly trained vis-à-vis GDPR, as regards codes of conduct and the reporting of any breaches. We don’t need a hacker from outside the organisation embarrassing us. If we detect any improper use or information leak, it must be reported and immediate action taken.
Our successful solution: anonymisation
So as not to discard much of the data we possess, anonymising it plays an essential role in our processes. We must remember that we are not obliged to delete everything. Only the information that links a person to a given register.
For example, if we keep an access log to our website, we can note down the IP addresses of visitors to have them perfectly identified. The regulation signifies we can continue to store the time, day and time spent on the site, the pages visited…but we must erase the browser’s IP.
GDPR, a challenge and magnificent opportunity
Our intention is not to cause alarm, but to raise awareness that GDPR is a challenge and, of course, an opportunity to improve our processes. On many occasions we gather more data than necessary or may use third-party data improperly… This is an issue to be remedied.
GDPR will compel us to be more creative and more innovative, to value more than ever the acquisition of opt-ins and to work hard to offer value in exchange for this data. Content and inbound marketing strategies will make more sense than ever. Our clients will appreciate our handling their data with greater privacy and respect. And this will be the cornerstone on which to build our brand. And the knowledge and use of new digital marketing technologies will enable us to interact with consumers in a much more interactive and immersive manner whatever their location.
Client information will continue to be one of our chief assets and we must therefore focus more strongly on handling it properly; on cultivating it to create new business opportunities.
Next week we’ll be sharing more details on how we believe we can leverage this opportunity in our Marketing actions.