Savvy marketers have likely noticed the media hype surrounding GDPR or the General Data Protection Regulation, which goes into effect on May 25, 2018. Privacy laws are changing, and companies’ marketing plans must change with them. The below rules affect direct marketing, email marketing, and CRMs, and they’ll require changes to corporate data collection channels.
Consent to Data Collection
The new law gives customers more choices over the companies from which they receive information. This is achieved through tighter data collection and consent rules. Consent has to be a concrete, informed, and specific indication of a person’s wishes; soft opt-ins are no longer allowed. Companies can no longer bundle consent to receive marketing info along with other agreements, which means many businesses will have to modify the consent and data collection parts of their sites to meet the new requirements.
Business-to-Business (B2B) Email Marketing
As of now, companies can send emails to business contacts without permission. Once the company or opts out, the emails must stop. However, for individuals, prior permission must be obtained. With the GDPR, there’s no distinction between businesses and individuals, and marketers must get consent any time data refers to a specific person.
The Right of Removal
The GDPR gives subjects the right to ask that their data be removed or erased. Under the legislation, an individual has the right to request that their data be erased from a company’s systems. This means that companies must know where data is held and that they must remove it when asked to do so. Many companies will have to implement processes to find and remove data from email lists, websites, CRMs, and third-party apps that retain it.
One of the strictest parts of the GDPR is accountability and demonstration of compliance. For instance, companies must verify the receipt of consent from subjects. One of the most effective ways to do it is to ensure that data is collected via double opt-in, which provides an electronic signature that proves consent. Audit trails for the collection, erasure, and storage of data can prove compliance. Companies must ensure that partners are compliant and that data access and erasure requests are handled properly.
The advent of the GDPR will bring a shift in many businesses’ marketing strategies. With a shrinking prospect pool, there will be more emphasis on inbound marketing than on outbound marketing. However, it’s harder to gain prospects with inbound marketing, and retention plans will become more important than acquisition strategies.
There’s Not Much Time to Get Ready for the GDPR
According to a YouGov poll done back in May, less than 30% of responding companies had begun preparing for the GDPR’s introduction. This is somewhat surprising, considering the severity of the penalties for breaching it. With the potential for steep fines and other sanctions, companies that don’t follow the new rules are leaving themselves vulnerable to potential legal and financial devastation. By learning the new rules of data collection, retention, and disposal, companies can protect their customers and themselves.