We’ve looked a bit a GDPR in one of our previous papers “GDP…aaaargh!” and even referred to it being a little easier to understand what you’ll need to do if you hold databases of consumers data. The understanding might be a little easier but what you need to do is not necessarily easier!
Essentially what GDPR is coming into force to do is to give “new powers to consumers” and “new responsibilities for marketers”. If you have a database of consumer data, your customers, then you are in effect a ‘marketer’ and you’ll need to know what it all means and what to do.
Public caution has been growing over some time regarding their data and what it is being used for and with several high-profile breaches recently these new controls being given to consumers will aim to alleviate some of that caution. Come 25th May 2018 consumers will have more power to:
- Make informed decisions about their data
- Withdraw their consent for how their data is used
- Decide which cookies to enable based on their function
- Opt-out of decisions made by automated processes, like profiling
- Demand to see the personal data any organisation has collected on them, through Subject Access Requests (SAR)
- Ask organisations to delete their personal information, a.k.a. the right to be forgotten.
At the same time these new powers are offered to consumers there will be new responsibilities placed on marketers.
Consent will have much stricter rules imposed. Forget about those old pre-ticked opt-in boxes, their days are gone! You’ll need to give options to activate and withdraw consent at all times, making all language clear, age-appropriate and unambiguous.
We will all need to look at creative ways to show consumers that they can trust us and that what we provide offers value to them. Initially marketing lists will take a hit, but it is much better to have a smaller number of people on your database that want to be there, rather than hundreds of thousands of people who barely remember signing up! Over time this should all make a move towards better customer relationships.
Automated marketing is the process of making predictions about behaviour, preferences, interests and hobbies. Profiling has always been a part of what marketers do, think Netflix and their recommendations based on “because you watched…” you’ll know that can work but it can also go wrong. Consumers will be able to challenge this and even opt-out of being profiled in this manner.
Pseudonymisation is one of the ways that marketers can really help protect consumer data. It will not make you exempt from the new laws if your database is full of pseudonyms, but it will go quite some way to helping protect the identity of those on your database.
There are many decisions to make about current databases and whether you want to delete your entire database and start again, like Wetherspoon’s, or if you collected an appropriate and clear opt-in the first-time round you might just want to make sure those people are still happy and ask them to re-opt in like Manchester United have been doing over the past few months. Some organisations might even go so far as to decide whether they even need to hold their customers names?
Moving forwards, make sure your opt-ins are clear, concise, and worded so that people will understand what they are agreeing to. Offer them multiple options on the ways in which you might use their data, especially when it comes to automated marketing and profiling. Be honest on what you want to do with people’s data and respect the new powers they have and choices they will make and make sure you are aware of your responsibilities!