B2B Marketing Zone

How Marketers can Take Action on GDPR Today

How Marketers can Take Action on GDPR Today

How Marketers can Take Action on GDPR Today

It is less than a year until the new EU-wide General Data Protection Regulations (GDPR) come into force. Starting May 25, 2018, organizations could face potential heavy penalties for misuse of consumer data in a bid to give EU citizens better control of their personal information. According to a recent survey from the Direct Marketing Association, around a quarter (24%) of companies have yet to start a plan of attack, while only a little over half think that their organizations will be ready for the 2018 deadline. But what does the GDPR really mean for marketers and how can you take steps to address it now, so you don’t leave it too late?

What the GDPR means for marketers

The purpose of the GDPR is to unify data privacy principles and practices across Europe, giving EU citizens more control over their data and increased capacity to dictate how organisations may use that data. If you have an EU data subject that you are marketing to, then regardless of where you are located in the world you will have to comply with the GDPR.

Previous EU directives addressing customer data were more like digital rules, and have been interpreted in many different ways by different EU member states – some countries, such as Germany, have much more restrictive interpretations of existing methods than others, like the UK. Conversely, the GDPR is a law, meaning that all countries will have to abide by it in the same way.

The GDPR is the most comprehensive law coming into effect for the last 20 years, and will affect every company in some way, shape or form. It will most certainly have a dramatic effect on digital marketers. To begin with, there will be a lot of confusion. Can you track someone using their data? Can you share this data with third parties? If a customer wants to leave, do they have the right of erasure, and will companies have to return certain data? At the moment, it’s a very grey area, especially as the definition of personal data has been expanded to include online identifiers such as cookies and IP addresses. However, it is also a chance for marketers to reassess the data value exchange between business and user, and I believe it will ultimately lead to better digital marketers.

What should companies do to prepare for the GDPR?

If you’re a marketer in any sector, it’s important that you are thinking about your current data acquisition and customer contact practices and how these need to be adjusted in order to meet compliance. Come May 25th, companies will need to show that they are working to comply with the regulations, and those found non-compliant could very well be hit with a substantial fine.

The first thing I would advise marketers to do today is research how the GDPR affects them and their company, and re-evaluate their outreach and onboarding strategies. The essential thing to establish is that a consent trail exists so that it’s clear which data your customers have agreed to share.

Reviewing who is responsible for obtaining consent

Once you’ve reconnected with your customer database to ensure their consent statements will be GDPR-compliant, the next step you as a marketer can take today is to review contracts. Companies’ contracts will need to be updated within the media supply chain to clarifying exactly who has the obligation to obtain consent, and also who has the obligation to provide transparent information about how customers’ data is used.

Each country will have a Data Protection Authority (DPA) that will coordinate GDPR compliance; in the UK, the Information Commissioner’s Office (ICO) is that body. They have a lot of great information that will provide you some insights on what is required and how to prepare for the new rules of the digital road.

As a result of all the confusion and dread around the GDPR, the directive will definitely take some time to get used to. However, marketers must remember that it could ultimately improve the customer experience, which in turn will make us better digital marketers in the long run.

This post was written by David Fowler, Chief Privacy & Digital Compliance officer at Act-On and originally published here.

Prepare for the GDPR with this checklist


David Fowler serves as Act-On Software's Head of Digital Compliance and Industry Relations. He has over 20 years of experience in the marketing industry, including the last twelve years strictly focused on the issues associated with the digital channel including, email marketing, deliverability, social media, mobile, integrated marketing, marketing automation and digital privacy compliance. David is a seasoned speaker, and email deliverability and privacy consultant with national and international engagements that include: Online Trust Alliance (OTA and Board Member), Email Services and Provider Coalition (ESPC and Board Member), International Association of Privacy Professionals (IAPP), Federal Trade Commission (FTC), InBox East and West, Inbox/Outbox – London, American Marketing Association, Messaging and Anti Abuse Working Group (MAAWG) – US and EU, TRUSTe, Privacy and American Business and the Email Insider Summit. 

 Prior to joining Act-On, David held US- and European-based senior management positions focused on Deliverability, Email Privacy, Sales, Marketing, Business Development and Product Management with such companies as MarketFish, Lyris Technologies, Blue Hornet / Digital River, Yesmail, XO Communications, KPNQwest, Qwest Communications, Electric Lightwave, GST Telecom and MCI. Reach him on Twitter: @oregonlimey