Is GDPR the end of marketing as we know it? While GDPR is not something to ignore, it doesn’t have to be something that stops your marketing in its tracks. This blog post will give you a basic understanding of what you need to know about GDPR to be prepared and to begin to develop a strategy for your organization.
So What Exactly is GDPR?
The General Data Protection Regulation (GDPR) is a European Union Privacy Law. The GDPR introduces new requirements for companies in several key areas:
Right to data access
Right to rectification
Right to be forgotten
Does this apply to my business?
What should I do to cover my bases?
Segmenting Your Audience
A great place to start is segmenting your contact data to separate EU contacts from the rest of your contacts within your databases. Be sure to consider all the systems where you keep contact data, like your email automation, CRM or digital advertising, etc. Once you have your lists segmented this way, you have some flexibility in how you deliver marketing communications in accordance with privacy laws.
Capture and Manage Privacy
Once you have segmentation in place, you will want to work on operationalizing privacy preferences across all your marketing activities so that it can be implemented and changed automatically and seamlessly, without depending on manual human entry.
You will want to set up an Opt-in campaign to reach out to your EU audience segment to ask if they would like to opt-in to communications from your organization moving forward. This is a great way of cleaning your database and mining for active leads and influencers.
Managing EU Opt-Outs
This step can be the most complex and laborious depending on your martech stack.
Your European audience has several new rights that will affect the way you will need to provide privacy preference data:
“Right to data access” — they get to view all the data you have stored about them, how you collected it and how you use it.
A clear description of communications preferences and easy management of them.
The ability to opt out of any communications or of processing of their data.
“Right to be forgotten,” meaning that your company must delete any and all information you have on the person from all your systems.
When you think of marketing automation systems, CRMs and email, you can imagine how much information you need to be able to generate for each customer.
When you add social media, browser and mobile device tracking, chatbots, location tracking, voice systems like Alexa, and more exotic methods of data collection, it gets quite extensive and integrating your systems together to see each customer profile from all channels becomes more of a must-have rather than a nice to have in order to meet these requirements.
Purchased lists will be the biggest lead generation tactic affected by the policy. Buying lead lists with EU contact data or using a service that provides lead lists will carry serious GDPR violation risks. Make sure any lead list service or vendor you engage with will guarantee their lists are populated with people who have opted into marketing communications from other vendors.
There are several different aspects of advertising that you need to consider, each affected by GDPR in different ways:
Retargeting based on social media behavior
Look-a-like audiences on social media
As with all things GDPR, caution should be the priority. Certain rules around the GDPR are subject to interpretation and will likely evolve over time. We highly recommend you consult with your legal counsel and security professionals for specific direction and planning, this blog post should not be interpreted as legal advice. While certain marketing practices will change due to the policy, they will also constantly evolve to serve the customer and their experience.