Is your Marketing GDPR Ready?
The deadline for the new marketing GDPR guidelines is set for 25th May 2018. For anyone who thinks that’s far away, it’s less than 100 days.
Businesses that adapt and offer consumers real choice around their data stand a good chance of being seen favourably – both by consumers and the ICO.
Have you done a Data Audit?
The first thing you should do is examine your data flows.
This kind of Data Audit will yield results that may come as a surprise to any business doing it for the first time and can often be a bit of an eye-opener for organisations.
Whether you realise it or not, there are always third parties, legacy systems or bits of data whizzing around that not everybody knows about.
You should look at all those different touchpoints where you are gathering personally identifiable information and map them out in a flow diagram. Even IP addresses are identifiable data, so it’s basically anywhere a customer is identifiable to you.
Remember, with the GDPR you need to be able to show whose data you have, where you got it, and who you have shared it with. Accountability is key.
What are the guidelines for consent?
The new marketing GDPR guidelines state that consent should be ‘freely given, specific, informed and unambiguous.’
Pre-ticked boxes or ‘tick opt-out’ boxes are on their way out.
The opt-in boxes must be held on a separate page to tone used for accepting the Terms and Conditions.
This means that many brands will have to be more detailed in their explanations of what they plan to do with personal data, and that consent must be signalled by a clear, affirmative action rather than simply not opting out.
If your consent is of a good quality and a high standard – if what you have been collecting over time fulfils the requirements of GDPR – then that’s fine. You can pretty much continue doing what you are doing.
If it doesn’t, you may have to go through a refresh process to bring that data up to the right standard.
If your current system complies with the GDPR’s guidelines, then you can use data that has been previously been collected when going forward.
If your current policy does not comply with the GDPR, now is the time to work out whether it’s worth recontacting older customers and seeking permission on whether you can use their data.
If you are still unsure of how you should manage your consent, check out the GDPR page on Verb Marketing for more information.
How sensitive is your data?
If you’re doing something straightforward, such as compiling data and segmenting your file based on customer’s age, what they have bought, or where in the country they live, then that is fine, and you shouldn’t have to worry too much as it can be explained very simply.
If you were doing something much more intrusive – maybe you’re going out to third parties and getting additional data about the income of the household or the car they drive – while you may have a very good reason for collecting that data, it might be more difficult to pass the balancing test to be able to do that under legitimate interests.
If you’re doing-particularly sensitive profiling, you might have to ask for consent.
There are few certainties yet about how the regulator will interpret marketing GDPR, but those brands that take the proactive steps outlined above can demonstrate their justifications for doing so, should avoid nasty surprises.
If you’d like to know more information on how your business could be affected by GDPR, contact a member of our team today.