The following article was published on Forbes.com on November 29, 2017.
The General Data Protection Regulation (GDPR) is one of the hottest topics making the rounds right now. Before you immediately dismiss it as not being something you need to care about, take a minute to read through the rest of the article – it may save you some major headaches come May 2018 and beyond.
So, let’s start with the basics – what is GDPR? Isn’t this something that just compliance/risk people or the lawyers have to worry about? This new regulation coming out of the EU is going to have significant impact on organizations worldwide. The intent of the regulation is to protect personal information for individuals within the EU. Let’s pause here a second and let that really sink in. As marketing professionals, are you collecting an individual’s information through activities such as website forms or perhaps through badge scans at a conference? Likely your answer is yes and that means you’re on the hook for complying with GDPR.
It’s important to note here that while GDPR explicitly protects EU citizens’ data, any organization collecting data on individuals, sharing data or selling products and services within the EU will be subject to the regulation.
Let me throw out two more important pieces of information: the regulation goes into effect May 2018, and the penalties for noncompliance are steep (up to 4% of gross revenues globally, not just in the division/geographic region where the noncompliance occurs).
What Do Marketers Need to Pay Attention To?
There’s a fair amount of ambiguity in the regulation, leaving it open to some interpretation. But the takeaway is that it will change the way you communicate and interact with your prospects and customers. And it’s definitely not an option to ignore GDPR compliance.
While other parts of the organization will be focusing on other aspects of GDPR compliance, the key points marketers need to focus on include:
- Consent. A big part of compliance will be the ability to show explicit consent for using an individual’s data. As you collect personal data, it will have to be used for a specific purpose and consent will have to be given for each purpose. If someone does not wish to be contacted, you cannot contact them.
- The Right to be Forgotten. If an individual would like for you to delete their data, you must do so upon request.
- Individual Control. Individuals will have more control over what happens to their data, making third-party data more challenging to purchase and use.
- Accuracy. As part of the regulation, you will have to ensure that the data you have is up to date and accurate and is not being kept longer than necessary. To show this, you’ll need to have the ability to keep an audit trail of data collection and usage.
- Fines. Again, these are not insignificant. They can be up to €20 million or 4% of total annual revenue.
Complying with GDPR
Let’s get to the nitty gritty. What are you going to need to do to adequately show that you’re complying with GDPR? You’ll need to:
- Be able to identify what data can be classified as GDPR personal information.
- Know where this data resides, who uses it and how it is used.
- Demonstrate to customers that their personal information is being handled appropriately.
- Establish or tweak policy and process to provide what you need to demonstrate compliance.
- Collaborate with other groups within your organization.
- Invest in appropriate technology to support GDPR compliance.
This can feel like a huge undertaking, but rather than looking at this through a negative lens, let’s stay positive! Let’s approach this challenge as an opportunity to get a leg up on the competition through improved data quality, transparency and data governance at your organization. And let’s also not underestimate the value of the insights you’ll be privy to when you can track and understand how you are engaging with individuals. And lastly, when you have great data to build your marketing activities around, you’ll be able to attract more desirable prospects through meaningful and customized interactions and drive more revenue.