GDPR Law - What Every Digital Marketing Company Needs To Know
The General Data Protection Regulation (GDPR) is the EU’s new data privacy law, and it is widely discussed these days. Digital marketing is a sector that has been vocal in its concerns about the future of email marketing and the other strategies it employs daily on a professional basis.
What Is GDPR – Brief Summary
GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.
The reforms are designed to reflect the world we’re living in now, and bring laws and obligations, including those around personal data, privacy and consent, across Europe up to speed for the internet-connected age.
Fundamentally, almost every aspect of our lives revolves around data. From social media companies to banks, retailers, and governments, almost every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and more are all collected, analysed and, perhaps most importantly, stored by organisations.
What Changes Does GDPR Law Impose?
GDPR sets out six principles in the regulation. These principles ensure that data is processed lawfully and fairly and collected for explicit, legitimate purposes, whilst making sure the data is adequate, accurate, and retained for only as long as necessary.
The data must also be processed in a manner that maintains the integrity and confidentiality of the personal data.
Some of the key privacy and data protection requirements of the GDPR law include:
- Requiring the consent of subjects for data processing
- Anonymizing collected data to protect privacy
- Providing data breach notifications
- Safely handling the transfer of data across borders
- Requiring certain companies to appoint a data protection officer to oversee GDPR law
GDPR And Digital Marketing
In digital marketing, we rely on the personal data collected from different devices to build buyer personas, create tailor-made customer journeys and provide a personalised customer experience. However, collecting and managing data will be more challenging once the GDPR goes into effect:
- User Data Control: users will have full control over their data; the right to access, consult, rectify or have it deleted.
- Data localisation and infrastructure: data will have to be stored in Europe.
- Compliance: anti-spam governance (opt-ins, opt-outs, etc.) will have to be introduced, pages containing personal data will need to be password-protected, and data will need to be encrypted. One solution is to introduce a global, cross-channel profile management page that works for email, cookies and everything else related to your organisation’s data.
- Consent management: users will be able to give and withdraw consent and the records must remain auditable at all times.
Additionally, the above-mentioned points must be self-evident and subject to audit. However, the biggest challenge for digital marketing companies will be the obligation to obtain unambiguous and verifiable consent from customers for processing their personal data.
Without this consent, firms will be prohibited from storing any user data, and therefore, they will not be able to run marketing campaigns based on the data they collect.
What GDPR Means For Digital Marketers
There are some clear guidelines that outline the dos and don’ts of gaining consent from consumers:
- You must be able to demonstrate how the data subject has consented to the processing, which means marketing must record who gave consent and how.
- The data subject must be able to withdraw consent at any time (the right to object), and it shall be as easy to withdraw consent as to give it. Policy and process must demonstrate how consent can be withdrawn.
- Consent should cover all processing activities carried out for the same purposes.
- If processing has multiple purposes, consent should be given for all of those purposes.
- Consent should not be considered freely given if the data subject has no genuine or free choice.
- Silent consent, pre-ticked boxes or inactivity should not constitute consent.
What Digital Marketing Companies Should Know – GDPR Law
- All opt-out consent boxes must be replaced by opt-in boxes.
- Collection and processing of data to deliver your core service (e.g. fulfilling orders) can continue unchanged, but if you wish to use historical data for marketing purposes, you need consent.
- Personalised ad targeting based on an individual’s specific behaviours, such as that offered by many programmatic media companies, is illegal without active consent.
- Targeting based on broad interest-based audience segments is permissible so long as individuals cannot be identified.
- The purchasing or sharing of personal data such as email lists is prohibited unless each person in the list has expressly permitted their details to be passed on to third parties. Event organisers, for example, can no longer share lists of attendees with sponsors.
- Where data must be passed to another organisation for legitimate business reasons, you should ensure they are also compliant with GDPR. This is particularly important if data is passed to organisations outside the EU who may be less familiar with its data protection obligations.
- Your customers now have the right to ask what data you hold and to have their data deleted permanently.
- Any breach of personal data integrity (e.g. through theft, hacking, or incompetence) must be notified to the authorities within 72 hours.
- Organisations should audit who has access to personal data and ensure they are aware of their GDPR security obligations.