AuthorPaul McElhatton DIGITAL MARKETING AND GDPR: ESSENTIAL KNOWLEDGE FOR DIGITAL MARKETERS.The General Data Protection Regulation (GDPR) comes into place on the 25th May 2018. The new law seeks to strengthen the rights of individuals in relation to personal data relating to them which is collected and processed by organisations. It also places increased obligations on the organisations collecting this data. This article sets out some of the key areas for Digital Marketing and GDPR. Marketers and Digital Marketers have long viewed personal data as a cornerstone of effective campaigns. It is an essential tool to recognise site visitors and to target the right person with the right message. Marketers have always created clever means to obtain your personal data with competitions and sign-ups for ‘exclusive’ reports. GDPR will mean stricter rules relating to an individual’s consent to how this data is used. With non-compliance fines of up to 20million Euro or 4% of an organisation’s annual turnover it is essential to understand the new relationship between Digital Marketing and GDPR. New obligations for Digital Marketing and GDPR.GDPR defines key terms in relation to what is ‘personal data’ and ‘consent’. Personal Data relates to any information that can identify an individual directly or indirectly, it includes name, identification number, location data, online identifiers, or anything related to ‘physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’. Whilst Consent from the data subject refers to a ‘freely given, specific, informed and unambiguous indication’ by the data subject of their agreement to process this data. Digital marketers will be affected in areas such as email marketing and re-marketing, but also in relation to advertising on social media platforms such as Facebook who allow contact uploads for the creation of custom audiences. Key areas for Digital Marketing and GDPR.In relation to Email Marketing it is possible to continue using existing databases. However, it shifts the onus for the marketer to show that the customer proactively opted in to receive marketing emails. This means more specific opt-in functions with a variety of options allowing the customer to select exactly for which purposes you may contact them. Data security is another key tenet which will require the many marketers still operating excel databases to move the data to more secure cloud based storage. A data breach in 2015 from pub chain JD Wetherspoon saw the company lose the data of 656,723 customers, this led the chain to stop the practice of email marketing and delete their entire database ahead of GDPR. For marketers with existing databases the problem remains how to cleanse existing data that was obtained prior to the new regulations. In an apparent attempt to become GDPR compliant UK airline Flybe sent emails to advise customers to amend out of date personal information and update marketing preferences. As a result, they were deemed in breach of existing UK data protection laws which deemed that “Sending emails to determine whether people want to receive marketing, without the right consent, is still marketing, and is against the law”. In this sense ‘Consent’ may replace ‘Content’ as king in digital marketing terms. It is essential to demonstrate how and who gave consent, the ease and ability for a customer to withdraw consent, that consent has been obtained for all purposes that data is processed, and that the consent has been gained proactively as opposed ‘implied consent’, such as pre-ticked boxes. Companies such as Mailchimp recommend a double opt-in option, whereby customers would receive a follow-on email with a link to confirm their opt-in. The Digital Marketer’s responsibility. Processor or Controller?GDPR identifies the terms ‘processor’ and ‘controller’ in relation to entities who will handle customer data, the two terms place a different level of responsibility. Essentially, processing is the collection, managing, use and storage of data. GDPR places the responsibility for the collection and revoking of consent, and providing access to information upon the Controller. Typically, a company that collects their customer data is the controller, the data is passed to a third party which may include a Digital Marketer to email and track engagement, thus becoming the processor. As such, it is generally the duty of the controller to pass on data requests (such as revocations) and ensure that the processor acts on this information. It is important for the digital marketer to identify which they are in relation to their client, their CRM and social media channels on which they advertise. It is also important for marketers to ensure that third party tools and marketing technology providers are GDPR compliant. The manner how we operate CRM systems will be subject to change. For example, based on the principle of the ‘right to be forgotten’, data will now have to be erased, whereas it may have been marked ‘do not contact’ before. Social Media and GDPR.With stringent new rules in place about email and email marketing, building a strong social media presence and paid social media advertising will be increasingly attractive to digital marketers. The main platforms have been quick to review their privacy statements in relation to GDPR. Facebook acts as controller for advertising based on information from users and data from its PIXEL. As such, for the creation of lookalike audiences for advertising, Facebook remains controller as a Digital marketer will never have access to this information. Facebook are protected through the terms and conditions accepted on the creation of user accounts. However, digital marketers will remain responsible for compliance for data files provided for the creation of custom audiences or the use of Facebook measurement and analytics. Similarly, Mailchimp has created additional terms of use in relation to the transfer of data to Facebook ads, requiring subscriber consent. Conclusions. The relationship between Digital Marketing and GDPR.GDPR signifies a massive shift for Digital Marketers. There will also be effects on areas such as re-targeting and a need for future tech systems to have ‘privacy by design’ functions built in, ensuring data compliance and data protection. Individuals will also have the right to; access their personal data (right to access), request the erasure of their data (right to erasure), the right to access data in an electronic format (data portability), and, the right to be notified of a data breach within 72 hours. According to Stephen White of Digital Marketing Magazine, ‘responsibility needs to be demonstrated to tackle the inherent mistrust and expectation consumers have about the companies they buy from’. Any company that handles customer data should start by moving their data to a secure location, contacting providers of technology such as CRM and cleansing data. As digital marketers we should conduct a privacy risk assessment, clearly demonstrate our accountability, identify any data transferred out of the EU, and conduct a full audit of our supply chain. ReferencesAskari. F. 2017. GDPR and Digital marketing: What do you need to know?
http://blog.strategic-ic.co.uk/gdpr-digital-marketing-what-do-you-need-to-know Baxter. M. 2018. GDPR: Legitimate interests of the controller or third party. http://digitalmarketingmagazine.co.uk/gdpr/gdpr-legitimate-interests-of-the-controller-or-third-party/4794 Brooker. B. 2017. Stay legal: Essential Data Protection Know-How for event organisers. https://www.eventbrite.co.uk/blog/data-protection-for-event-organisers-ds00/ Diaz. E. 2016. The General Data Protection Regulation expands the definition of personal data https://theodi.org/blog/the-general-data-protection-regulation-expands-the-definition-of-personal-data Data Protection Commissioner. 2017. GDPR for individuals http://gdprandyou.ie/gdpr-for-individuals/ http://gdprandyou.ie/resources/ Edwards. L. 2017. JD Wetherspoon purposely deletes entire mailing list https://gdpr.report/news/2017/06/30/jd-wetherspoon-purposely-deletes-entire-mailing-list/ Facebook Business. 2017. What is the General Data Protection Regulation?. https://www.facebook.com/business/gdpr GDPR-EU. 2017. Data Controllers and Processers. https://www.gdpreu.org/the-regulation/key-concepts/data-controllers-and-processors Intersoft consulting. 2017. Art. 4 GDPR Definitions. https://gdpr-info.eu/art-4-gdpr/ Irwin. L. 2017. Flybe fined £70,000 for breaking the PECR while trying to prepare for the GDPR. https://www.itgovernance.co.uk/blog/flybe-fined-70000-for-breaking-the-pecr-while-trying-to-prepare-for-the-gdpr/ Jones. C. 2017. GDPR & Digital Marketing: What You Need To Know https://blacktypedigital.com/online-advertising/gdpr-digital-marketing/ MAILCHIMP. 2017. The General Data Protection Regulation (GDPR). What it is, what we are doing, and what you can do. https://kb.mailchimp.com/binaries/content/assets/mailchimpkb/us/en/pdfs/mailchimp_gdpr_sept2017.pdf?_ga=2.184564201.1174557241.1518726438-761461506.1518726438 MacDonald. S .2018. GDPR for Marketing: The Definitive Guide for 2018 https://www.superoffice.com/blog/gdpr-marketing/ Smart Insights. 2017. A long road ahead for Direct & Digital Marketing under the General Data Protection Regulation (GDPR) https://www.smartinsights.com/marketplace-analysis/digital-marketing-laws/long-road-ahead-direct-digital-marketing-general-data-protection-regulation-gdpr/What is the General Data White. S. 2018. Accountability must inform a new marketing mindset under GDPR http://digitalmarketingmagazine.co.uk/gdpr/accountability-must-inform-a-new-marketing-mindset-under-gdpr/4793
0 Comments
Leave a Reply. |