GDPR for marketers: What do you need to know?

How will new regulations on data affect an organisation’s marketing efforts?

The General Data Protection Regulation (GDPR) has arrived, full force (pretty much) and although the effect it'll have on the majority of businesses is yet to be realised, one of the major sectors it'll impact straight from the off is marketing.

The ICO is already pretty active in fining businesses that don't comply with the UK's existing Data Protection Act and there are numerous examples of this - including a penalty for a PPI firm that made 8.7 million unsolicited calls to those who were completely unaware of their services. That particular company was charged 300,000 for non-compliance.

But the GDPR will significantly increase the value of fines. In fact, businesses could be charged up to 20 million, or 4% of a company's global turnover (whichever is higher) if they fail to comply with the new regulations - a vast amount of money for any company, let alone a small business and certainly enough to put a company into administration.

Marketers are likely to be one group targeted harshly by the ICO and so it's vital anyone in marketing carefully considers what their duties are and how they can make sure they sit on the right side of the law when it comes to data privacy.

Obtaining consent

One of the most important points of GDPR is that data must only be collected for a specific purpose and that purpose must be made crystal clear to those you're collecting data from.

Although it makes the process of collecting data more difficult, it will ensure that the customer will only receive emails they have opted in for, that they are happy to receive. If you want to use the data for a purpose other than that specified, you will have to gain further consent.

Another factor is explicit and informed consent. EU residents must give this type of consent and thus rules out the use of pre-checked boxes or any attempt to get a form of implied consent.

Constant plays a big role in digital marketing. The data controller and processor has to adhere to a clear set of restrictions. The rules around consent is that it is "freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to him or her".

What is personal data?

What constitutes personal data is greatly expanded from previous definitions enforced by the UK. It now includes identifiers such as IP addresses, cookies, mobile IPs and even search engines searches. This will be an issue for marketer's digital efforts as cookie are not generally collected with a person's consent.

GDPR also applies to automated personal data and to manual filing systems where personal data are accessible according to specific criteria. 

The EU: in or out? 

It also won't matter that your business is outside the EU. If you have any personal data on EU residents, your organisation needs to comply with the rules. Personal data may only be transferred outside of the EU in compliance with the conditions for transfer set out in Chapter V of the GDPR.

Making sense of it all

With it makes sense for marketers to put compliance efforts front and centre of their efforts to protect and use customer data. It will likely present a temporary issue for marketers. This means a changed approach to database building, data management, and the collection of consumer data.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

How the right software can improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022