Now that you know what the GDPR means for your data-driven marketing business let’s take a deeper dive into how to ensure compliance. You likely work with a variety of data types, but namely, first-, second-, and third-party data. Here’s how to work with this data while remaining GDPR compliant.
This is data pursed from your owned channels, including customer data held in your CRM, behavioral data gathered from your website, campaign data (such as impressions, clicks, and opens), and much more. This is the data that you’ve collected freely about your customers — it’s the information that you own about your customers.
With regard to GDPR compliance, this is the data that you are most able to control. First-party data offers the clearest path to consent. Through your owned channels, you are easily able to ask for consent from current and potential customers via email, mobile, or social channels.
Once the GDPR is enacted, these one-on-one customer data interactions will become an even bigger part of your data-driven marketing strategy.
This data is simply someone else’s first-party data. If you are working with a brand partner or another company, you may use their first-party data in your advertising and marketing campaigns. For example, you may want to target specific messaging to their customers based on region. Under GDPR, you will need to ensure consent from these new customers to use their regional data.
Ensuring GDPR compliance with second-party data may be difficult or easy depending on the nature of your partnership. Your partner should be able to use their owned channels, including email or mobile, to clearly and transparently ask their existing customers for consent.
This data is usually aggregated information from multiple external sources. Though it offers you wide scale and accessibility to information, it is also the most difficult to ensure GDPR compliance. For starters, it can be difficult to determine the exact source of third-party data. In fact, consent is highly unlikely, unless the original data source is itself compliant. Look to work with vendors who have fair and transparent data collection policies. But unfortunately, the GDPR may severely impact your use of third-party data, and will place greater importance on building one-on-one relationships through the use of first-party data.