Is your LinkedIn feed filled with free briefings on the General Data Protection Regulation (GDPR)? Do you have a nagging feeling you are meant to understand it and what it means for your business and website?
Although a change in European regulations sounds rather dull compared to the exciting world of digital marketing, the fact is this legislative party pooper may have the power to stop your business in its tracks.
If you have a database of contacts for email marketing or are offering a personalized digital experience to your customers, it means that you are gathering personal information. After May 2018, what you do with that personal information becomes a matter of compliance. And if you don’t comply, your company is vulnerable to extremely high penalties. Under the new rules, the maximum fine for data breaches in the UK will rise from £500,000 to €20 million or 4% of global turnover.
We have seen some of our clients respond by formalising the compliance role and recruiting Data Protection Officers. However, as this role often sits between Legal and IT, marketers are not always in the loop.
The best way for digital marketers to approach GDPR is to see it as an opportunity to improve and refine the quality of your personalization offering. Responding to both the GDPR and your customers' requests for greater control over their personal data will not only keep you compliant but also keep your digital experience fresh and responsive.
Some headlines about GDPR to note include:
- Erasure – you will need to allow your customers to remove personal data from your systems and demonstrate you have done so.
- Consent – communications, campaigns, web and mobile applications must ask for and store consent, so you can no longer rely on soft opt-in processes. You will also need to ensure that consent can be captured, stored and audited.
- Privacy and security – take a look at how you store personal information. Where is your customer data? You may need to review your approach to database building, data management, and the collection of consumer data in order to avoid leaks or breaches.
- Pseudonymization – a process for making your data neither anonymous nor identifying. This can be done by separating data from direct identifiers so that a connection to an individual is not workable.
- Third-party vulnerability – how secure are your hosted applications? Even if your ecommerce function is provided by a third party or cloud platform, if there’s a breach you might still be at risk of non-compliance.
Rather than see GDPR as an expensive headache, a number of Clerkswell clients are turning it into an opportunity to improve the quality and usefulness of their digital offering. By concentrating on collecting and managing valuable and legally compliant information, you can use good data governance to help your clients build trust in your brand.
To learn more about how to determine your best compliance strategy, assess your GDPR readiness or execute your GDPR roadmap, contact firstname.lastname@example.org