If you’re a marketer or an entrepreneur you’ve probably heard about GDPR. As it’s working since 25th May 2018, you’ve most likely had to implement some of its rules in your website or marketing activities. Nevertheless, if you’re still not sure which aspects are influenced by this legislation, read our brief guide.
What is GDPR?
General Data Protection Regulation (GDPR) “can be considered as the world’s strongest set of data protection rules, which enhance how people can access information about them and places limits on what organizations can do with personal data“. GDPR regulates how companies can collect, process, and use personal data from EU individuals. GDPR requires transparency about the data companies collect, much like how the Corporate Transparency Act in the US requires transparency (filed with a FinCEN Report Company) about business ownership.
It’s crucial to understand that GDPR applies also to organizations outside the EU, as long as they use EU citizens’ data.
What does GDPR mean for marketers?
Asking for permission
To be compliant with GDPR your company must ask users for permission to collect their personal data. Let’s dig into that for a clearer understanding.
Personal data is any information that enables identifying a person. In addition to obvious personal data such as name, address, payment details, etc., the term personal data included in GDPR covers more aspects. For example, such personal data can be a dynamic IP address or certain cookies.
Collecting data requires express consent. Express consent is the opposite of implied consent when a company assumes a customer would give consent if they’d ask for it. In this case, organizations still should provide an opt-out option (for instance an unsubscribe button in a newsletter). GDPR defines consent as “any freely given, specific, informed and unambiguous […] clear affirmative action“. In practice, it means that companies must ask for permission to collect data, and consumers need to understand the terms and give informed consent.
Entities should ask for permission in case they’re using data for non-essential activities, such as:
- sending marketing emails
- using advertising or tracking cookies
- sharing personal data with other companies for commercial purposes
Once you collect customers’ data compliant with GDPR, your job isn’t done. Now you need to take care of its safe processing. Crucial is to use personal data of users only for purposes they’ve agreed on. If you come up with an idea to use it for some other actions, you need to obtain consent once again, specifically for that purpose.
Make sure that data you’re processing is safe and secure, meaning:
- providing safe data storage, in a way that they can’t be lost, stolen or modified
- preventing data being accessed by unauthorized people – encrypt data while transferring
- giving access to data only to people who need it, like marketers
When it comes to protecting data, especially sensitive is biometric data, like fingerprints, as well as data about children.
Enabling access to data you’re processing
The right to be forgotten is one of the essential GDPR rules. Customers have the right to withdraw their consent. Marketers have to allow users to access data about them with no fuss (again, in a secure way), and remove them if that’s what they want. Once a request to change or delete data occur, the company has 30 days to take an action.
While providing such an option think about the user experience. The goal of GDPR is to make the relationships between companies and customers more transparent. Therefore, it’s pointless to deceive users with complicated legal jargon. Respect your customers’ privacy, as well their time, and prepare simple and intuitive documents and processes that will help you be compliant with GDPR.
Use GDPR compliant tools
As a marketer, you’re probably using at least a few systems that help you execute your marketing strategy efficiently. While collecting, storing and sharing your customers’ data you need to use only software that is secure and reliable, as you’re still responsible for the data, even if you use third-party solutions to process them.
One of such tools is RocketLink. It provides a GDPR consent option to enable you to legally collect data. RocketLink is a powerful URL shortener that allows marketers to add retargeting pixels, pop-ups, CTAs and many more widgets to the links they share. Once you enable the GDPR consent option, you can be sure you collect users’ data appropriately.
GDPR has a significant impact on marketing and business in general. Fortunately, it was created to protect users’ data and it’s vital for modern societies. In the end, you won’t benefit from forcing customers to share their data unwillingly. Mutual respect and transparency are a must-have while building strong and longterm relationships with clients, in both B2C and B2B sectors.gdprprivacy