The General Data Protection Regulation (GDPR) has been made with the intention of strengthening and unifying data protection for individuals within the European Union. Although Britain has voted to leave the EU, Article 50 is yet to be signed so we are still bound by EU regulations. In fact, forecasters have predicted that it’s unlikely we’ll be able to leave the EU in a hurry, with GDPR being in full force by the time we do.
This means that UK organisations will have to comply with the GDPR, just as they did with the ‘Cookie Laws’ – although the implications and responsibilities are more demanding and rigorous –it’s something you can’t ignore. Here’s a high level overview of the General Data Protection Regulation and why you should take notice of it immediately.
Firstly, the regulation applies if organisations are processing personal data or the person is based in the EU. Personal data is described as any information relating to an individual – whether in their private, professional or public life, i.e. a name, email address (both personal or work), photo or social networking posts etc.
There are three main principals to adhere to GDPR:
1. Responsibility and Accountability It is the responsibility of organisations for a data governance strategy that adhere to GDPR standards as a minimum and they will ultimately be held accountable for breaches of the GDPR with support by significant financial penalties.
- Privacy by Design and by Default requires business processes to be developed with data protection front of mind.
- When risks occur to the protection of personal data, a Data Protection Impact Assessment must be conducted.
- Persons have to provide valid consent for data to be collected and used.
- Organisations must be able to prove opt-in.
- The ability for persons to withdraw consent at any time must be provided.
3. Right to Erasure
- Persons have the right to request all of their personal data to be erased on a number of grounds of non-compliance if the organisation is deemed to be unlawfully using their personal data.
So why should all this matter? Well, the associated sanctions are pretty substantial. Organisations that are found to be operating outside of the GDPR can be fined up to 4% of their annual turnover (20,000,000 EUR max).
GDPR's effect on Marketing and the role of Marketing Automation
Ultimately, marketing will be the vehicle to support GDPR - data management will become increasingly prevalent in digital marketing and more important than marketing automation features such as lead scoring. It will also soon be the foundation for reputation and brand management.
Although a daunting prospect for some, marketers should not fear – marketing technology is the key to adhering to these regulations. We recommend starting with a ‘marketing technology spine’, the core to a successful marketing technology stack – A Content Management System, Marketing Automation Platform and Customer Relationship Management working together seamlessly.
Once the marketing technology infrastructure is in place, these 3 key features will be the vehicle to support GDPR:
- Preference centre
- Subscription management
- A closed loop system
A preference centre - hosted within a Marketing Automation environment – provides prospects and customers a choice as to the information and content they receive, and the ability for them to unsubscribe at any time.
GDPR states that explicit consent is required to receive your marketing communications and subscription management is the key to this. This can be achieved by adapting an existing preference centre or by hosting a separate subscription page within your Marketing Automation environment.
A Closed-Loop System
The marketing technology spine enables a closed-loop system to keep control of a person’s interests and their right to be contacted. Ultimately, marketing needs to understand and have a say in the recording, flow, architecture and security of data and information in exactly the same way the IT function manages the application architecture.
To understand how CleverTouch can support your organisation in getting ready for GDPR, you can get in touch here.