There is now just over a month to go until the much-anticipated GDPR comes into effect, and it’s important that you’re ready. The General Data Protection Regulation (GDPR) is the European Union’s new legislation to protect the personal data of EU citizens and applies to any organisation that operates within the EU or with EU data. The new rules will become law on 25th May 2018. The new measures are designed to strengthen data protection for people across the EU, as well as addressing the transfer of their personal data to other countries.
Personal data is not just names, email addresses and dates of birth; it may include photographs, ID numbers, location data and online identifiers (IP addresses/cookie identifiers). Failing to comply could lead to fines of up to €20m or 4% of your global annual turnover, whichever figure is larger. However, failing to comply is not just a financial matter; it could have an impact on your company’s reputation.
At bd2 we are not expert advisors in GDPR, nor are we lawyers, but like many others, we have researched the changes and are preparing for the new legislation for ourselves and our clients.
Where do you start?
As a creative and digital marketing agency, our starting point was to ensure our own team was fully aware of GDPR and what it means to both our business and to our clients. This is a worthwhile exercise: whilst you may have certain individuals responsible for this area, it should be recognised company-wide. For us this has involved attending seminars and participating in online webinars, sourcing specialist advice from experts and continuous research.
From here we would recommend conducting a review of your current situation by carrying out an impact assessment and review of all data. Carry out an information audit to map data flows and document what personal data you hold, where it came from, who you share it with and what you do with it. Once you have made this assessment, you should identify key people within your company, who can take responsibility for each area.
If you don’t already, you need to start to maintain records of processing activities detailing what personal data you hold, where it came from, who you share it with and what you do with it. You then need to ensure you have procedures in place to inform your staff on how to manage information you hold. The key principles behind the new rules are fairness, transparency and confidentiality in handling personal data for both clients and staff, so it is therefore vital to carry out an analysis of all your data to ensure it complies with these principles.
The ICO (Information Commissioner’s Office) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. It is the key body to refer to for further information on GDPR. The ICO website is a useful and reliable information source: https://ico.org.uk
Communication with your customer base is an essential part of getting your business GDPR ready. At bd2, we prepared a document which aimed to answer any questions our clients may have, along with a brief outline of what we are doing as a business to ensure we are becoming fully compliant.
Another key element of preparing for GDPR is ensuring that your future administration processes are in order. These might be HR processes, consent forms, client and supplier contracts and any other instances where you collect data.
How will GDPR impact on marketing?
GDPR will mean that we end up with smaller databases, but the data will be more targeted, which in turn means more engagement. Social media algorithms favour brands with content that achieves high levels of engagement, therefore those brands will then be rewarded with more exposure.
Brands that become fully GDPR compliant will differentiate themselves from others in the market. The new regulations have been introduced to protect consumers and therefore consumers are more likely to trust a brand that is aware of data privacy and security.
There are also likely to be SEO benefits as search engines, such as Google, will favour websites that prioritise data privacy and build it into the design of the site.
GDPR is in place to protect the consumer and their experience, ensuring that they don’t get an email they didn’t ask for, and helping them to move away from brands they are no longer interested in. In the short term, having to implement new measures to ensure you’re compliant might seem daunting, but the payoff will be much happier, better engaged customers, as well as a strong brand reputation. GDPR will encourage a ‘customer-first’ approach which can only have a positive impact on any business.