If you’re a digital marketer, chances are GDPR compliance has been on your mind ever since the regulation went into effect in May 2018. Failure to comply with the strict requirements laid down by the GDPR can result in a fine of up to €20 million or 4% of a company’s annual global turnover, whichever is higher. News portals like the Chicago Tribune and the Los Angeles Times responded by making their sites entirely unavailable to European visitors. Media networks like NPR asked users to either agree to their new terms or be redirected to a stripped-down, plain-text version of the site. You have probably also noticed that the vast majority of websites you yourself frequent have added a plethora of pop-up “consent boxes,” too.
The truth is that GDPR was designed to protect people in Europe, but it has been affecting entities all over the world, including major businesses. In fact, according to The Register, within the first nine months of GDPR being in force, fines worth €56.96 million were issued and 206,326 cases (complaints and breach notifications) were reported to supervisory authorities. Google was also hit with an enormous fine: €50 million, imposed by France’s data protection authority, the CNIL.
What Is GDPR?
According to a Consumer Privacy study conducted by TRUSTe/NCSA, 92% of online customers find privacy and data security a concerning area. Likewise, according to the Chartered Institute of Marketing’s report, 57% of consumers don’t think brands are using their data responsibly. Symantec’s State of European Privacy Report indicates that 90% of businesses think it is too difficult to delete customer data, and 60% don’t even have systems in place to take care of this! Against this backdrop, the General Data Protection Regulation (GDPR) came into force in May 2018 to govern how the personal data of people in the European Union (EU) is collected, used and stored.
Irrespective of whether your business is based in the EU or not, if you are collecting personal data from people in the EU, offering goods or services to them, or monitoring their behaviour (analytics cookies count), you are expected to comply with the GDPR. Yes, GDPR also affects bloggers who draw traffic from EU countries.
What Are the GDPR Guidelines?
In order for your business to be GDPR compliant, it needs to meet the following 8 guidelines:
1) A clear statement of consent must be available in easy-to-understand language, sans any legal jargon.
2) An opt-in box must be in place, with no pre-ticked boxes and no consent implied from inaction or silence. This must be separate from the Terms & Conditions section of your website. Please note that consent cannot be made a precondition for a service that does not actually need the data, as that is coercive and the consent is not considered freely given.
3) You need to explain why you’re collecting personal data and what you intend to do with it – in essence, there needs to be full transparency. You also need to name the third parties (other controllers and processors) that will receive the personal data.
4) You must explain how a user can easily withdraw consent, and withdrawing it must be as easy as giving it. You must have an actual mechanism in place to erase data when a user asks you to (the “right to be forgotten”). Additionally, users must be able to request a copy of the data you hold about them (a subject access request), and you generally have one month to respond.
5) You must keep a record of the consent you obtain: who consented, when, how, and to which version of your consent wording.
6) Privacy must be the default setting for all users (data protection by design and by default). If personal data is breached, the breach must be reported to the relevant supervisory authority within 72 hours of becoming aware of it, unless it is unlikely to pose a risk to individuals. If the breach is likely to pose a high risk to individuals, the affected individuals must be informed directly as well.
7) A data protection officer needs to be appointed if your core activities involve regular and systematic monitoring of people on a large scale, or large-scale processing of special categories of data (e.g. racial or ethnic origin, health data), or if you are a public authority.
8) A process needs to be in place to verify age and obtain parental consent for users under the age of 16 (individual EU member states may lower this threshold, but not below 13).
How GDPR Impacts Digital Marketing
As you can imagine, GDPR impacts pretty much all digital marketers, because they rely on information such as IP addresses, cookies, names, gender, age, email addresses and location data in their campaigns – all of which counts as personal data. Digital marketers now need to take a step back and look into the following:
1) What data is being collected? (and, which parts are actually relevant to retain)
2) Where has pre-existing data come from and was there active consent for it?
3) With whom is data being shared?
4) Does data contain any information from existing EU residents and/or will it contain any such information in the future?
5) If data is being collected or processed by third-party service providers, are they GDPR compliant too, and is there a written contract in place that binds them to your instructions?
Based on the eight GDPR guidelines outlined above, make sure you take care of the necessary elements – e.g. updating your privacy policy and consent-obtaining methods accordingly, having data erasure and data access mechanisms in place, keeping consent records, and appointing a data protection officer where one is required.
Stay tuned for part two next week, in which we will take an in-depth look at how GDPR guidelines impact digital marketing across different channels and the benefits it might pose in the long-run!