You might be getting a bit GDPR-d out and that’s understandable. For tech marketers and content strategists, the question of what the General Data Protection Regulation means to us feels a bit like my attitude to Brexit as an EU citizen living in Britain - I’ll deal with that situation when I absolutely have to.
So here’s the thing: that won’t work. Like it or not, anyone in possession of customer data will need to be compliant by next May.
What does GDPR mean to B2B tech marketers?
In a nutshell, GDPR will require marketers and advertisers to obtain active consent for any data-collecting activities. GDPR also contains strict new rules around individual data, including customer consent and the “right to be forgotten.” GDPR will be unforgiving to those who fail to comply; organisations will face astronomical fines of 20 million euros ($24 million) or 4% of annual global turnover, whichever is greater.
How does it impact tech marketers?
Opt in - The first impact concerns opt-ins, opt-outs, and consent to communications. If you run newsletter campaigns, marketing automation, or any data tracking on your website, you might want to read on.
GDPR mandates that consent must be ‘freely given, specific, informed, and unambiguous’, and articulated by a ‘clear affirmative action’. That means you can’t assume consent based on ‘inactivity’, and a pre-ticked box isn’t going to cut it. Prospects and customers must agree that their data can be used and that they can be contacted.
A caveat - The situation with B2B marketing is less clear. Within the UK we are ‘protected’ by the Privacy and Electronic Communications Regulations, which is this country’s implementation of the EU-wide E-Privacy Directive. In essence this means that in the B2B arena we have opt-out legislation rather than the opt-in path GDPR takes us down.
There has been a fair bit of discussion about whether the E-Privacy Directive would be amended to bring it in line with GDPR. Until as recently as last December it looked like this might be the case. However, the first draft of the E-Privacy Directive was published in January and has stayed with the opt-out position for B2B rather than the more draconian opt-in consent position.
It might be best to play it safe, as drafts do change and nothing’s ironclad yet.
Right to be forgotten - GDPR is designed to confer more control to individuals over how their data is collected and used – and this means giving them some means of accessing and removing their data. They can do this when there’s no legitimate reason to process their information, when they withdraw consent for it to be used on the original terms, and when it’s been unlawfully processed.
Legal justification for collecting personal data - Practically speaking, this will require better housekeeping on the parts of marketers – and less collecting data for unnecessary, or frivolous reasons. You’ll also need to keep a clean database of the legal consent given for data collection and what communications your audience has agreed to receive or not receive.
Programmatic - GDPR could have a huge impact on programmatic advertising because it will require advertisers to obtain active consent from customers, which will involve them specifically opting in to, rather than out of, a deal.
Purchasing data lists - You can, but new data lists will be much smaller and probably more expensive. Also, as a buyer you must make sure the data you’re buying is double opted-in. Make sure you buy from reputable sources and insist on receiving the provable audit trail, too.
So what’s a sensible GDPR checklist for marketers?
1. Determine if and how you will be affected by the GDPR – this is easy to assess. If you are sending emails to anybody in the EU, you will be affected by the GDPR. Your location doesn’t matter.
2. Make sure you understand the penalties. They are significant.
3. Plan according to the timeline. You have about 6-8 months left to get as much data double opted in as possible.
4. Establish which controls you will need in place such as an opt-in service. Chat with your email providers to understand what they have in place.
5. Get the specifics of your opt-in statement right. Talk about the catch-all, but remind them to get it approved by their legal team. Get the balance of the wording right. Be clear and unambiguous.
6. Check that your privacy and cookie consent policies are transparent and compliant.
7. Get explicit double opt-in consent from those with implied consent… in other words, from your customers and engaged data contacts. Email them and explain why you need them to double opt-in.
8. Get as much of your data as possible to opt in to your future communications as soon as you have all of the above set up. If you host events, ask attendees to opt in for the slides, have a pop-up on your website, and run double opt-in campaigns.
9. Buy as many targeted data lists as you can now and get as many of them as possible to opt in to your communications.
If you haven’t already done so, tech marketers need to analyse their data processes, in particular:
• How you collect it (the double opt-in process)
• How data is recorded (the provable part)
• The storing system (safety and privacy are paramount here)
• The retrieval process (you need to be able to provide data if requested)
• The disclosure process (who you share details with – you need to be crystal clear on this and you share responsibility with other parties that hold the data)
• The erasing process (the right to be forgotten)
That's it. Hope this helps.