Intelligent Marketer Podcast Episode 16: How GDPR Impacts Marketers w/ Michelle Miles
Eric Westerkamp |
Unless you haven’t picked up a newspaper or opened the internet in the last eighteen months, you’ve likely been hearing a lot lately about the upcoming implementation of a new European data privacy law.
The General Data Protection Regulation, or GDPR, goes into effect on Friday, May 25th, 2018, and is a complete overhaul of the EU’s personal data privacy regulations.
According to a recent study, 57% of Europeans don’t trust brands to use their data properly, and 2 out of 3 Europeans said that they’d share more personal information if companies were just more open and transparent about how they were going to use and collect personal data.
You may be thinking to yourself, “Well my company isn’t located in the EU, so what impact is GDPR going to have on me and my business?”
More than you might think. GDPR is going to have a wide-reaching impact on marketing, sales, retail, and IT companies worldwide.
On a recent episode of The Intelligent Marketer, we sat down with Michelle Miles, VP of Consulting Services at Perkuto, for her take on how GDPR is going to impact marketers.
What is GDPR?
It’s not just for emails, but for all personal data. Names, email addresses, PCI, PII, anything that makes someone personally identifiable.
And it’s not just for companies based in the EU. GDPR applies to where your company is doing business, not where your company located. So if you’re located in Detroit, but have global business, GDPR is something you need to be aware of.
The fines for violating GDPR are straightforward as well, to the tune of 20M Euros, or 4% of your company’s global revenue, whichever is larger.
That means if you’re a 10B company, you could be looking at up to a $400M fine. So you can see why GDPR is a big deal.
Oliver Wyman predicts GDPR will hit 6B in the first year, and that half of all companies globally will receive fines. PwC estimates that 77% of large US corporations plan to spend more than $1M on GDPR preparations.
Are you convinced that you should be taking GDPR seriously yet?
Consent is Key
GDPR is all about consent. The individual has the right to tell you what you can and cannot do with their data, and the right to request certain things be done with their data as well.
You have to be able to honor requests from the consumer such as:
exports of their data
fixing inaccurate data
Informing them of how data will be used
Informing them of data breaches within 72 hours of discovery
Removing them from all databases.
Consent pertains to all personal data, not just email. An email can constitute consent, but companies must capture explicitconsent, not just implied consent.
Let’s say you go online and order a pizza. You want to check out as a guest, not create an account, so you enter your email address. The company has the right to use that email address to confirm your order, but they cannot use that email address to follow up with marketing offers.
You did not consent to receive marketing emails.
It also means that you cannot require opt-in to gain access to content. Meaning you cannot require someone to opt-in to marketing emails to download an ebook, or a white paper.
The bottom line is this: If you use customer’s data in an unexpected way, or a way that goes beyond your initial reason for gaining access to it you could be violating GDPR
Where Should Marketing Leaders Start?
So where do you start?
First thing’s first. Start with a database audit. This will allow you to assess the magnitude of GDPR compliance, as well as help you quantify the costs if you have to delete EU records.
Isolate and delete old or dead records that you have no intention of marketing to. There’s no sense in being fined for data that you weren’t going to market to anyhow.
Nobody wants to be fined, or lose their ability to do business globally. GDPR is complicated and complex, but thankfully there are a plethora of resources available to help you navigate this new law.