The Ultimate GDPR Checklist For Marketers

Many marketers need clarification about the regulations surrounding data privacy and, in particular, the GDPR. How does the GDPR work? This guide for marketers will help you get your marketing processes under control regarding GDPR regulations.

You can also listen to Steven Roberts’ podcast on Data Privacy 101.

Prepare for GDPR

Audit your data

This guide is for marketing professionals who work at companies that process data about EU citizens. Many companies outside the EU process data about EU citizens without realizing it. The first step is for these companies to audit their data to determine whether any of it relates directly to EU citizens.

Pro Tip: Do not assume that just because you are GDPR compliant, you will comply with all local regulations. Although GDPR may be the world’s most rigorous data regulation, it is also essential to understand the nuances of any local rules that apply in markets where you do business, like the California Consumer Privacy Act.

Learn about your IT team

Marketing and IT share responsibility for the majority of GDPR compliance. This guide discusses items that fall under the marketing department, but you’ll need to work closely with your IT provider or department.

You will be asked to help the IT department with essential GDPR elements, including:

Where data is stored (is it on an old machine or a server at your premises? Is it in the cloud?)

Prepare for a breach of security

Ensure that security measures are in place at every stage of data processing

GDPR Compliance

Data is often called the “new oil.” Please take steps to ensure that you are using it appropriately.

In recent years, we have seen several high-profile breaches with financial and reputational implications. British Airways was fined £20,000,000 for failing to safeguard the financial and personal details of over 400,000 customers. Marriott Hotel Group was fined £80.5 million for not protecting millions of customers’ personal data.

Several factors cause non-compliance. It may be a deliberate decision. In many cases, organizations need to be more transparent about how they handle personal data. In most cases, the problem is caused by human error or carelessness on the part of an organization. This is why it is important to continue training!

Did You Know? EU Data Protection Authorities issued fines of nearly EUR 1.1 billion in the 12-month period up to January 2022.

Companies must:

Be transparent in the way they collect and use personal data.

Put in place processes and procedures to protect this data.

Take responsibility when data is compromised.

For more information about the responsibilities of marketers in GDPR compliance, please see our GDPR Marketing article.

Steps to GDPR Compliance

Check out our GDPR checklist:

Make sure your privacy page is up to date.

Check your existing databases to see if there is opt-in consent.

Run re-opt-in campaigns to existing databases.

Create a system for opt-in consent.

Bring the sales team in.

Check third parties that have access to your database.

Have a simplified process for requests for information.

Prepare yourself for a breach of security.

Step 1

GDPR has strict rules regarding privacy policies – what they must say, how to access them, and how to write them.

The GDPR requires that your privacy policy be “concise and transparent” and that it be written in language that’s “clear and plain.”

You must provide a “meaningful summary of the intended processing,” i.e., how you plan to use the collected data.

Please provide the name and contact information of your data controller and that of the Data Protection Officer in your organization.

Identify the organizations that you plan to share your data with and the protections in place for the data transfer.

Please also provide the following information:

The criteria for determining the intended retention period

Information on the rights to access, correct, or delete personal data

Information on the right of withdrawal for all data processing purposes

Right to file a complaint at a supervisory authority

Details of any automated decisions, including the logic and possible consequences to the individual.

Top tip: Take the lead and identify advocates of data protection within the organization. GDPR is not just a concern for marketing!

Step 2

Start by determining whether you have explicit consent for the use of the personal details in your database and which specific purposes your contacts have consented to.

Divide your database based on the documented consent for each purpose. Create a plan of ‘next actions’ for each list. This will include contacting people to confirm consent or to ask for consent for different purposes. In the following scenarios, you may need to confirm opt-in:

Contact information sourced by third parties

No opt-in record

Unspecific opt-in

You can opt out of certain uses that you may have used or would like to use your data for

Contacts who opted in but have not engaged for a long period

Step 3

Create engaging campaigns based on the lists that you have identified in Step 1. Ask contacts to opt in or re-opt in for the specific purposes you want to use their information for.

This is not an easy task, as consumer attitudes towards privacy have never been so tense. If you don’t have their trust, they won’t share this valuable information with you. You can reassure your customers by demonstrating your commitment to the GDPR. This will also enhance your company’s reputation.

Tell consumers the benefits and why you need their consent. Also, assure them that their data will be protected to the highest degree.

Choose the right message for every campaign.

Create engaging landing pages and opt-in forms.

Follow up emails from your marketing or sales department with personal phone calls if it is relevant to your business.