How Marketers Can Prepare for the General Data Protection Regulation
Data privacy is one of the most important topics in legal, compliance, and regulatory spheres today. When we look at the data that comes from digital and online activity, it’s a relatively new challenge. Who owns it? How should the owner manage it?
Globally, answers to those questions have varied drastically. For instance, the United States is known to have loose data privacy laws while Canada, the EU, and the UK are known to have strict ones. What differentiates loose from strict is how governments designate data ownership.
Enter the General Data Protection Regulation
The General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in the last 20 years. It is intended to strengthen the rights of Data Subjects, the individuals who are owners of their data. After four years of preparation and debate, the EU Parliament approved the GDPR in April 2016, giving industries two years to become compliant by the deadline of May 25, 2018. If you do business with any European citizens, regardless of where they live in the world, your company opens itself to potential liabilities and penalties.
But don’t be nervous. The intent behind the GDPR is to improve conversations between individuals and companies, as the world becomes more complex and inundated with data. Over time, being compliant will help you develop closer relationships with your prospects and customers, and create more effective marketing as a result.
How to Prepare for GDPR as a Marketer
Know Why GDPR Matters
GDPR gives everyday people more power and control over the data that is collected about them. Transparency between marketing teams and “Data Subjects” (aka the people you market to) is essential. With the GDPR comes a bill of rights that organizations must develop policies around and support.
Every data subject has the right to be forgotten, to receive the personal data concerning them (data portability), to privacy inherent by design, and to access to data protection officers. An understanding of these basic concepts will help you develop a response program that exceeds the basic needs of compliance.
Document Your Data Policy
European regulators intentionally kept parameters of the GDPR open-ended, creating leeway for companies to build their own policies. But that leeway has a deadline. Data privacy protections will likely evolve over time. What the GDPR does is force your company to have a fundamental discussion about how you manage your data.
Start by talking to your company’s lawyer or a law firm that specializes in navigating the GDPR. Your company may come to the conclusion that, based on your organization’s goals and objectives, you may need to exit the European market. But that’s likely an extreme scenario. The more common situation is that you’ll need to revisit how you’re retaining, using, and sharing data with integration partners.
Get to Know the Law and How to Navigate It
In addition to conversations with legal counsel, two resources are available to guide you. The first is Europe’s official dedicated resource to navigating the GDPR. Treat this website as an educational resource to learn about the GDPR at a high level:
“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site.”
Another resource that you will find helpful is this GDPR resource hub from Eversheds Sutherland, a leading law firm in the United Kingdom. The firm specializes in helping companies around the world turn legal requirements into executable processes. It works with customers worldwide and, being in Europe, has a direct lens into regulation. On its education portal, the firm shares actions to take to be GDPR ready, data from a GDPR benchmarking survey, resources to download, and guidance surrounding key concepts.
How does GDPR tie back to marketing? Look into the work that your marketing automation platform has done. Companies such as Marketo have created a step-by-step guide on how to be compliant when collecting data for your marketing campaigns. The guide walks through the mechanics of consent, accountability, and data management—all key aspects of the GDPR.
Create a Culture of Accountability
Every team member should be aware of new regulations around data privacy. IT and security leaders must be mindful of permissions, roles, and partitions. Marketing systems need to maintain an audit trail of data and information flows. Encryption standards should be met to protect privacy. Well-defined audience segmentation should be done to ensure that contacts only receive the information that they’ve explicitly signed up to receive.
At Uberflip, we’ve created a GDPR team that includes key members throughout the organization. Members from product, marketing, security, and legal are all a part of this braintrust.
Use Compliance Tools to Strengthen Customer Relationships
Constraints foster creativity. And the GDPR can help you strengthen the interactions that you have with your customers. At Uberflip, we believe that personalized content experiences are the most effective way to ignite meaningful relationships. Every interaction across your buyer journey is an opportunity to share insight, knowledge, and information. GDPR forces marketers to have a conversation with their audiences about data, so that there are no surprises and marketing can do its job of cultivating real relationships.
Uberflip has been working hard to strengthen our position and response plan to the GDPR. Some of our key initiatives include:
- Updating the Uberflip Privacy Policy to remove any legal jargon, to present a clear, concise message about how a Data Subject’s data is used by Uberflip as a Controller, and how we act as a Data Processor for our clients.
- Reviewing where Uberflip passes data to other vendors and partners, to ensure that our vendors are GDPR compliant.
- Implementing product changes to equip our clients to be GDPR compliant when using Uberflip.
- Appointing a Data Protection Officer internally to ensure that all Uberflip data, and any vendor data, is used in an ethical way.
- Executing processes for removing, or coordinating the removal of data from all of our systems.
GDPR will create a foundational shift in approach to how marketers build relationships with customers and prospects. Now more than ever before, companies are under pressure to connect with people rather than data points on the other side of the computer screen.
We’re looking at the GDPR as a way to empower marketers to create engaging, personalized content experiences at scale. We’re not only building compliance-enabling features, but we’re here to help companies be confident in their processes for managing personal data. Our industry needs to approach data as a fundamental human right.