Skip to main content

GDPR Implications For Digital Marketing

The Digital Marketing Context

You must have come across Privacy change notifications across your social media accounts like Twitter and Facebook if you logged in recently, its GDPR which is making these brands more cautious. Personal data and privacy discussions are a trending topic this year. If I were to look at data, “Google trends” at least it says so. People have suddenly got interested since April 2018 which has not been the case otherwise.

google trends for GDPR

From the Cambridge Analytica and Facebook data scandal to growing concerns over ad tech fraud, a definite solution and regulation is needed more than ever, today. Fortunately, EU is pioneering this global need starting May 25 this year.

“GDPR” or “General Data Protection Regulation” will be enforced across 28 countries in the European Union by May 25 which aims to improve transparency and effectiveness of data protection activities.

This has been a major change in marketing regulations towards data privacy since last two decades. Whilst it implies multiple “To-Dos” to be implemented at an organization level to ensure GDPR compliance, Digital marketing as a function is at the centre stage of all campaign-related data collection and communication. In this blog, we shall be exploring more about Who, what, When, Where and How of GDPR implications for Digital Marketing as a function.

Who will be impacted by GDPR?

All 28 countries in the European Union, every business dealing with data of the customers and prospects residing in EU, despite the business being outside the EU.

What will be impacted in Digital Marketing?

Data Permissions:

Soft opt-ins are out of the window and not compliant, age-old tricks won’t work now, digital marketers will need to ensure hard opt-ins which must specify the purpose the data collection, why it needs to be stored and in what way it will be used in future.

Data Access

Users must have access to their data in your systems, Essentially, what data you have about them and they can also ask for it to be deleted.

Data Focus

Digital marketers must ask for what is really needed in specific. Remember how annoying it is when you download an app for music and it asks your permission for location. (very common on Android) which has ultimately led to another set of apps which advice on your privacy risks, DTEK by Blackberry or Sophos mobile security does the same for instance.

When is the Impact?

May 25, organizations were given 2 years to comply with all the requirements so far. Please educate your marketing, staff, IT department and web administrators with immediate effect.

What if we don’t implement GDPR compliance in Digital Marketing?

There are 2 tiers of administrative fines:

1) Up to €10 million, or 2% of annual global turnover, whichever is higher.
2) Up to €20 million, or 4% of annual global turnover, whichever is higher.

Source: IT Governance

Not serious, Honda was fined £13,000 for an email alone – Read More

Where will GDPR impact in Digital Marketing?

Website

It implies to update your privacy policy, why information is collected and how it is being used. Landing pages on your website need to be GDPR ready /complaint. CRM and Emailer tools, you are using must have compliant features as well. If you are using front-end designs or forms on the website without any emailer automation tool as such, it’s time to ask individual consent with explicit permissions. I would also recommend using a mailer automation tool with your landing page forms.

 

Search

Any outreach campaigns for paid search in the EU should be dealt with caution, campaigns promoting download an asset in exchange of information should have an explicit consent. Google, for now, has been asking advertisers to own this as well. However, they will refine the policy soon for users in EU for consent. It seems a bit difficult for everyone as Google themselves are taking time to do this.

Additional Source: Search Engine Land

 

Social Media

On the usage side of these platforms, the consent and data use will be covered by the terms and conditions and privacy notices of each of these software tools in specific, thus, digital marketing may not need to worry here directly. Due to existing legislation which is known as EU-US Privacy Shield, US companies (including social media application providers) can self-certify and commit to this framework agreement which underpins their protection of EU citizen data entrusted to them. In a nutshell, it means that both you and your social media audience agree to the terms of the tools you use.

Most of the leading social media platforms have already announced being GDPR compliant or they are planning to have it soon.

Emailer Automation

This will be impacted the most in Digital marketing as it deals with an individual in specific through email IDs, directly hitting the privacy cord of GDPR. Emailer outreach programs have been bothering people across the globe for a while now. A lot of brands utilize this for organic growth including demand generation campaigns which may not be the best way forward, it also because of the fact, perhaps, that once a company commits to invest in marketing automation (say 6 monthly or yearly), it doesn’t not involve cost every time you run a campaign, Google AdWords for instance, is another channel which has a cost associated, every time you use it.

How can Digital Marketing function be made GDPR complaint?

Digital Marketers must know the chapter 3 of GDPR in details which talks about Rights of the data subject (your Target person in specific) which should serve the basic information to adopt best practices in digital marketing for making them GDPR compliant.

Rights of the data Subject:

1) Transparent information, communication and modalities for the exercise of the rights of the data subject
2) Information to be provided where personal data are collected from the data subject
3) Information to be provided where personal data have not been obtained from the data subject
4) Right of access by the data subject
5) Right to rectification
6) Right to erasure (‘right to be forgotten’)
7) Right to restriction of processing
8) Notification obligation regarding rectification or erasure of personal data or restriction of processing
9) Right to data portability
10) Right to object
11) Automated individual decision-making, including profiling
12) Restrictions

Quick implementation Guidelines for GDPR compliance

What should be done on your Website?

1) Update your privacy policy. This page must be duly reviewed and signed off by your legal counsel. Make this page easily available across your website’s navigation. A defined place in sitemap or footer of your website for instance.

2) You may want to use standard privacy policy complaint templates to learn, edit as appropriate with your legal team and publish.

Listing down few such websites that provide standard templates:

Termsfeed

Shopify

Free Privacy Policy Generator

WewillThriveUK (contains quick word template)

What should you include in your privacy notice? By Information Commissioner’s office (Guide)

3) Update your subscription form for blogs and newsletters to specify the reason for customers to opt-in explicitly.
4) All forms on landing pages should be linked to Privacy Page of your website.
5) You can also try the use of push notifications to send a message to your subscribers at any point in time

What should be done with your Emailer automation tools?

1) Provide an explicit Unsubscribe option for all your contacts.
2) Maintain a personal profile of your users specifying which data you have about them with a provision for them to delete a part of the whole of the data.
3) Run a smart email campaign to get new and explicit consents from users if not already (the past data may not be of much use) you may want to use a pop-up on your website if mailers don’t work.

What should be done with your CMS?

Most of the brands and plugins on WordPress have released new versions and updated their policy policies this week. It will continue to be the trend next week. It is high time you visit your CMS consoles and update all plugins and notifications, if not already.
Educate internal stakeholders and most importantly anyone who reaches out to your business prospects first. Sales department, for instance, is a must educate.

Reach out to all your marketing partners and agency to make sure they too adopt GDPR compliance for any campaigns on your behalf.

Conclusion

While GDPR aims to bring in more transparency and safeguard privacy rights of individuals and businesses in the EU, it also implies a direct hit to businesses and companies doing lead generation through emailers or direct cold calling targeting users in the European Union. This is much needed as it brings in more maturity to digital marketing as a function within an organization and safeguards interests of the end consumers at the end of the day. Smart marketers, however, can look at utilizing chatbots rather, for serving needs of your customers in real-time.

There are guidelines to make your organization GDPR compliant, businesses have cropped up promising to make your organization GDPR ready, one must also look at having a full-time department or a Global compliance officer to ensure this is implemented strictly across your digital marketing and other organizational functions.

Know more about GDPR and chapter inclusions

UK’s Information Commissioner’s website for Guide to the General Data Protection Regulation (GDPR)

Direct Marketing Guidance, Must read of all marketing experts (pdf)

Hope you find this blog useful, what are your comments, thoughts or suggestions on GDPR implications for Digital Marketing, please let me know in the comments section below.

Disclaimer: The content of the blog post above (including all responses to comments in the section below) is not to be considered as any form of legal advice and should be used for information purposes only.

neeraj

Neeraj is an Inbound Marketing Professional with over 8+ years of experience in B2B Sales & Marketing. He believes in applying technology to marketing practices for driving demand & business outcomes.

Leave a Reply