Only 28% of UK brand websites will be GDPR compliant in time. That’s according to a survey of 1000 UK marketers which revealed that only 28% expect their websites to be GDPR compliant by the May deadline next year.

What is GDPR?

The General Data Protection Regulation (GDPR) is a new digital privacy regulation that is being introduced on the 25th May 2018. It is a data regulation that standardises a range of different privacy legislations across the EU into one central set of regulations.

This now means that you will be required to build privacy settings into your digital products and websites and you will need to regularly conduct privacy impact assessments, improve the way you seek permission to use data, document the way you use data and improve the way you communicate data breaches.

There are three key areas that marketers need to worry about when it comes to GDPR: Data Permission, Data Access and Data Focus.

Data permission

Data permission covers how you manage email opt-ins (the people who request to receive promotional emails from you). You are not allowed to assume that they want to be contacted and so in the future, they must express consent in a freely given, specific and informed way that is reinforced by a clear action.

In practice, this means that all your leads, customers and partners will need to physically confirm that they want to be contacted by you. This now means that having a pre-ticked box that automatically opts them in to receiving your promotional material is no longer allowed. In order to opt in to your emails, a deliberate choice needs to be made.

For example:

Not GDPR compliant:

By signing up, you agree to our terms and conditions and you have read our privacy policy. You may receive emails and updates from us and you may opt out at any time.

GDPR compliant:

  • By signing up, you agree to our terms and conditions and have read our privacy policy.
  • Yes, please keep me updated with news and events.

Data access

The right to be forgotten gives people the right to have outdated or inaccurate personal data removed from a company’s database. Some organisations have already implemented this, such as Google, which was forced to remove pages from its search engine results in order to comply.

The introduction of the GDPR policy allows individuals to have more control over their personal data and how it is collected and used. This includes the ability to access or remove their data, in line with their right to be forgotten.

It will be your responsibility as a marketer to allow your users to have easy access to their data, so it can be removed at any time.

To put this element into practice, it can be as simple as adding an unsubscribe link within your email marketing template and linking to a user profile that allows your users to manage their email preferences.

Data focus

The GDPR regulation requires you to legally justify the processing of the personal data you collect. Why? As marketers, we can sometimes collect a little more data than we perhaps need, so we need to put more of a focus on the data we actually need and stop asking for the extras.

If you want to know a random fact about your customers, then fine, but you must be able to prove why you need that data in order to comply with GDPR. Otherwise, avoid collecting any unnecessary data and stick with what you need to know.

So, with this in mind, you may have a few questions when it comes to understanding how you can be GDPR compliant. These are just a few answers which may be able to help.

Do I need to keep proof that every individual on my list has gone through the correct process?

Yes, you must keep evidence. GDPR requires you to keep ‘provable’ consent, although there is no fixed definition of what that may be.

With subject data access rights and the right to be forgotten, having all this information available will save you a lot of time and effort, especially if someone questions opting in to receive your information.

What actions can I take to make sure that my lists are double opted-in?

Double opt-in is a simple process whereby a user fills out a form and is then sent an email asking them to confirm if they are interested in receiving data.

However, if the message of consent is not clear-cut, then the email would not be GDPR compliant. As a marketer, you need to make sure that you have a clear, affirmative action from a prospect that they want to receive your communications.

How can I encourage people to go through the double opt-in process?

It’s as simple as creating valuable content in exchange for opt-in consent. By offering something of value to your users, you are more likely to receive their contact details in return.

Open content such as blogs can be useful for establishing a reputation, however when it comes to resource guides and whitepapers that carry weighty information, you should ask for double opt-in details in exchange for this.

It may appear that there is a whole load of things that need to be changed in order to be GDPR compliant. However, as marketers, we know we should only be communicating with people who want to hear from us. Creating an opt-in database isn’t as difficult as it first appears and the data performs at a higher rate than you may think. Remember, GDPR is non-negotiable and has the potential to ruin your entire business, so make sure you become GDPR compliant as soon as possible.

Meet the author ...

Andy Headington


Andy has been part of Adido since it was an idea in a pub nearly twenty years ago. He loves to work with the Adido team and all of the clients on board asking challenging questions and ...