With the General Data Privacy Regulation (GDPR) in effect as of May 25, 2018 there’s been a fair amount of press around this new regulation. GDPR gives European residents more control over how their personal data is collected and used online. Any company that conducts business within the EU must understand and comply with this regulation or face steep fines. So how will GDPR specifically impact digital marketing? We believe it largely comes down to transparency and consent.
Who Does It Apply to?
GDPR does not only apply to European companies. Any company (regardless of where it is based) that conducts business in the EU, or who has employees who work in the EU, markets themselves in the EU and/or collects data about site visitors from the EU must comply with GDPR. In addition to your own company or agency, take a hard look at the organizations you partner with (e.g. other agencies, marketing automation companies), and ensure they are also in compliance with GDPR.
Transparency
Under GDPR, a website’s privacy policy needs to be very explicit about what data is collected and why, how it will be used and whether or not it will be shared. In addition, the policy must be spelled out in very simple language. Also, under GDPR, companies must disclose a data breach within 72 hours.
Consent
Under GDPR, companies cannot store “personal information” or “personal data” without a user’s informed consent. It’s important to note that the GDPR definition of “personal” data is broader than the “personally identifiable information” (PII) generally used in the US and includes not only names and email addresses, but also IP addresses and cookies. We recommend auditing your Google Analytics profiles to ensure you are not collecting PII, and editing the GA code to anonymize IP addresses (in Google Tag Manager there’s a checkbox option for this).
With email marketing, ensure that all contacts you are emailing have opted in and that you make it very easy for them to unsubscribe. A double opt-in isn’t required under GDPR, but it’s a good practice to follow since it helps to confirm that the contact has agreed to receive future content from you. If you’re not absolutely sure about the status of your current email lists, consider sending a note asking subscribers them to opt-in to continue receiving your emails.
For any forms, like newsletter or webinar signups or access to gated content, be sure that there are no pre-checked boxes and that it is very clear what users are signing up for. As an example, a newsletter sign-up form might include fields for name, company and email, but if you’d also like to send newsletter registrants other updates from time to time, you must get consent. On the same form you could add a checkbox (not pre-checked) with the text: “Yes, please keep me updated on [company] News and Events”.
View GDPR As An Opportunity
The General Data Privacy Regulation provides an interesting incentive for marketers. The challenge is to craft and offer content that is appealing enough that visitors will opt to continue engaging with your website and your brand. Look at GDPR as an opportunity to reexamine your content marketing strategy and achieve greater visibility and engagement.
