GDPR: The good, the bad, the ugly and how to be prepared!

Standard

Note: These are just my random thoughts at this hour, ignore the typos and the grammar!

Most of you who are in the marketing profession, are probably running scared of one acronym right now: G.D.P.R!

That is the General Data Protection Regulations that come into force in May 2018.

Note: I am writing the ramblings fromWhat this will be doing is strengthening the data protection offered to consumers, whose data an organisation may be processing.

Now, I am not going to delve into the legislation too much, as it is a vast subject to cover.

What I’d like to very quickly discuss is what the status quo is and how you can prepare to be GDPR compliant.

The greatest impact that these new regulations will have for marketers is that we will not be able to use personal information to market to people without their consent. So that means no direct mail, outbound calling, SMS or email marketing without capturing our customers’ consent first.

For many years, many commercial organisations have been getting away with the ‘soft opt-in’ loophole. That is, if a person has become a customer of our business, we can assume that they have granted us consent to market to them, unless they explicitly have told us not to contact them.

Using this loophole many commercial entities have used email, direct mail and outbound calling to market to existing customers.

Come May 2018, this soft opt-in will no longer exist. We will need to capture our customers’ consent to market to them. The consent will have to be captured at a granular level as well. That means to email them, they will need to have ticked a box; to call them, they would have needed to tick another box, and so on.

Just to make life slightly more difficult, the regulations require us to keep an audit trail or people’s consent – yippee!

For some of the organisations I have worked with, come May 2018, they will not be able to market at all to their customers, as they have not captured consent on any level whatsoever!

Personally, I think these regulations are long overdue. Privacy is a very hot topic, especially amongst the EU technocrats.

So how can you prepare for D-Day?

Well, you can start collecting permission from your customers right now. Send them a simple email linked to a Google form, asking for them to submit their communication preferences.

Email is cheap – practically free!

If your customers are more old school, send them a letter and ask for them to submit their preferences on an online form [located on a special link] or by returning a completed slip to your business.

And if you’re feeling even more adventurous, you can use digital display advertising targeted to your existing customers, asking them to submit their communication preferences.

Chances are that most people will probably ignore you. However, if you are not a serial spammer, then you should have no problem in obtaining consent from your most loyal customers.

So what will happen if you do not comply with the new regulations?

Well the ICO [Information Commissioners Office] will monitor the level of complaints against your organisation and may end up launching an investigation. This could lead to a fine up up to 20 million euros or 4% of your global turnover!

It doesn’t matter if you are a small operation or not, if you’re in the business of mass marketing, using people’s personal information, you need to get compliant.

The first step in the process is to do a Consent Audit of your current customers and see if you’ve collected any consent, whatsoever. Following on from that, you can formulate an engagement plan on how you will capture the consent of your other customers.

That’s a lot of words I’ve written in 15 minutes! If you get stuck, as always, I am here to assist 🙂