Spare a thought for the companies who’ve built entire business models brokering consumer data. Or on second thoughts, maybe not. As the countdown towards GDPR – the General Data Protection Regulation – enforcement begins, the Marketeer in me is pensive over the implications of what this means, while my consumer brain wants to stand up and cheer with appreciation. One thing is certain however; GDPR will forever change the way we engage with audiences.
The measures in effect from 25 May will govern how any organisation handles data belonging to European Union (EU) consumers, and revolves around three basic principles: what data you can collect, how that data is maintained, and how you can use this data. Enforced by each EU member state’s designated Data Protection Authority, the GDPR is designed to give EU residents better transparency and control over their information, with any organisation in breach of the e-privacy directive facing fines of up to €20M or 4% of their total worldwide revenues. This is serious business.
Under the guidelines of the directive, any individual has the right to demand visibility into their personal data’s chain of custody. Organisations must be able to prove the origins of how the data came into their possession, go back to the beginning of your interactions to show how it’s been shared and with whom, the application methods for how your personal data has been used, how it’s being protected and when requested, comply with an individual’s right to be forgotten. In such cases opting-out contacts is no longer an acceptable practice. You’ll need to completely delete all data belonging to an individual’s profile, along with the transaction and interaction history. All of which should be clearly outlined and updated in your privacy policy in preparation for compliance.
For Marketing practitioners, the GDPR ruling will require some pretty significant changes in how we’ve traditionally interacted with prospects and customers. That prospect data you wanted to purchase from a list broker for your campaign? That’s now pretty much out of the question. Running a program of content syndication for your whitepapers? Well you better make sure you have complete visibility into how the media partner is asking for consent to share information with third parties like you. Same goes for attendee lists you’ve negotiated to receive from event organisers as part of your sponsorship agreement. Implicit opt-ins (i.e. pre-checked boxes) on registration forms will no longer be acceptable, and we’ll begin to see more and more double opt-in practices start taking effect. Augmenting customer profile data through the use of data enrichment tools or by tracking user behaviours through cookies will also become a thing of the past.
Yet I can’t help but feel that overall, there’s a huge opportunity presented here. Once the painful purge process and steps towards compliance are complete, you’ll end up with a database of contacts who – arguably, will be much more engaged. More importantly, Marketeers will be pushed towards thinking about how we reinvent the engagement model beyond email marketing, to become meaningful and relevant in our communications with customers. I foresee community-building initiatives becoming the next big thing in marketing, as we switch focus from email marketing to curated comms distributed through mobile app messaging, special-interest group channels like Slack and WhatsApp, or other native platforms where we can organically engage with an already existing critical mass.
Boxed into a corner, we’ll have no other choice but to innovate. And that in itself is no bad thing.
For disclaimer purposes, I’m not an authority on e-privacy legislation. As a starting point, refer to this helpful guide prepared by the UK’s Information Commissioner’s Office to help get to grips with the basics of GDPR, and seek legal counsel if necessary to understand how this may impact your business.