This is a question lots of marketers have been asking recently – What is GDPR and how does it affect me? We’ll start from the beginning and keep it as simple as possible…
GDPR stands for General Data Protection Regulation and is an EU regulation for strengthening data protection. It’s due to be implemented in May 2018.
I expect you're thinking 'well, Brexit is coming so we don’t need to worry about it'. In actual fact, if the UK wants to continue to trade with the EU post-Brexit, our data protection will need to mirror the EU, so chances are it's still going to apply.
The reason for the new regulation is simply that the current Data Protection Act is deemed too old and outdated to cut it in this technologically and digitally advanced world.
The new regulation will impact various different areas of our lives, mostly without us even realising, however the four main changes we’ll see are:
- Opting-in for marketing materials must be transparent and remain unchanged.
- Consenting to marketing communications has to be recorded, verified and unambiguous.
- It is hoped that this new approach will strengthen the one-to-one relationship a consumer has with brands they love. There may be fewer opt-ins, but the ones there are will be double the value.
- Opt-in consent must be given via a tick box on a website, verbally on the phone or by choosing to accept a cookie (this one is key for conversion tracking in social advertising).
The third point is interesting for digital marketers as it presents an upside to what may feel like very restrictive changes: you will see fewer people appearing on your subscribe lists, but those that are on the list are much more likely to open your communications, read and engage with it.
This move towards creating mutually beneficial relationships for all marketing communications reflects a position we've always understood in social media - that fans are in control and can unfollow or unlike with a single click. Because consent is present in nearly all social media communications already, GDPR is likely to have less direct effect on social media marketing.
That said, the overwhelming advice from all sides is to review the new requirements, review your existing data processes and assign someone with responsibility for maintaining compliant data records.
You may be thinking that these changes won’t apply to you and you can ignore them, but the feeling is that GDPR is a genuine step towards tighter regulation. Implications for those who ignore or breach it's terms could be costly with a maximum potential fine of £17million, or 4% of your global turnover.
To ensure you’re ready for the looming changes, the Information Commissioner’s Office has put together a useful checklist which can be found here. There is also a very handy summary from Bird & Bird solicitors here. It's well worth a quiet read.