The EU’s General Data Protection Regulation will officially commence on May 25, 2018, which means you, our current and potential partners, have five months to make sure your businesses are compliant. The GDPR impacts all EU citizen data, regardless of where those citizens live or where the business parsing that data resides. Data-driven marketers in the United States must ensure compliance with a new set of consumer protections or risk major penalties and fines.
However, more important than the fines is building a better relationship with your customer. GDPR-compliant marketers will maintain positive and trustworthy interactions with their consumers, leading to increased opportunities to drive customer engagement and retention. For example, if a customer knows exactly how a business is using their data, in addition to whatever marketing-related perks they may receive (e.g., a loyalty reward program), they will be more inclined to opt into future engagements with that brand.
So, here’s everything you need to know about the GDPR, how it will impact your data-driven marketing, and how to start working toward compliance.
What is the GDPR?
The GDPR is just the latest in a series of EU parliamentary measures designed to protect personal data. Unlike the US, which favors the rights of businesses, the EU is aggressive in its pursuit of individual protections and consumer privacy.
In May 2018, all businesses that handle EU citizen data will need to provide those consumers with ways to “control, monitor, check, and, if desired, delete any information pertaining to them,” according to Martechtoday.com.
How will this affect my data-driven marketing?
The biggest policy measure that will impact your business involves consent. All usage of first-, second-, and third-party data will be impacted by this regulation. Your business must provide clear and easy ways for consumers to consent to the use of their data, as well as an easy way to revoke consent at will. Failure to comply could result in hefty fines, up to 4% of global revenue. Yes, you read that right.
Ok, what’s next?
Your first step is to assess your data, by party, and identify the best process for obtaining consent. In our next blog post, coming after the holiday, we break down exactly how your first-, second-, and third-party data can be made more compliant.
Next, identify the desired marketing use cases for your data, including how long you intend to keep the data, and ensure you keep it up to date.
Once you have an idea of what data you have, and how you plan to use it, you must ensure its protection. The GDPR requires some companies to have a dedicated person, called the Data Protection Officer (DPO), outside of normal IT personnel, to ensure compliance. Regardless, your data security will need to be re-evaluated. The GDPR recommends pseudonymization over anonymization for encryption. Read more about that here.