20 Mar Facebook and Cambridge Analytica – is data a dirty word? GDPR and marketing your business
Facebook is in hot water this week following the whistle blowing story of how a researcher sold data of 50 million users to Cambridge Analytica Seven percent has been wiped of its share price this week and, had this happened after GDPR came into effect on 25 May, the social media monolith would have run the risk of a 4% fine of its global revenue.
The social media firms face a major shake up in how they handle data in this big data world to protect users against illegal data harvesting and exploitation of data by third parties. This in effect is why the legislation was drafted in the first place. Its far-reaching impact means that all of us have a responsibility to properly handle data storage, collection and usage.
The General Data Protection Regulation (GDPR) will come into force across all European member states in just over two months. Despite Brexit the UK will still fall under this legal requirement and any company found in breach can expect to face a hefty fine – in some cases up to 4% of a company’s global annual income or £20 million, whichever is higher.
Whatever industry your business is in, if you have customers or users you will know data is everything.
Data allows you to better understand your audience enabling you to tailor your services and products accordingly. Without it your marketing and sales efforts fall at the first hurdle.
However, fear not, GDPR will not make data a dirty word. It merely seeks to put in place safeguards on how personal data is used and shared for consumer peace of mind and so that you can get on with doing what you do best – serving your customers.
While the legislation serves several business functions where data is collected, analysed and used – including human resources, marketing, staff and business development, we’ve chosen to have a closer look at the impact on your marketing activity.
Firstly, relax, you can still collect and use customer or stakeholder data. What GDPR requires marketeers to do is enable audiences to explicitly say yes to their personal data being processed.
This means tick-boxes or consent by default is no longer enough. If you’re sending out a customer questionnaire, building media or marketing lists or collecting data at point of sale, you need to make it clear and easy for audiences to tell you they are happy for their data to be used to contact them with marketing materials.
Action: If you haven’t already contacted your databases with regards to seeking an opt-in for the distribution of marketing materials such as newsletters, email marketing, sales messages, telemarketing lists etc. then now is the time – before the 25 May GDPR deadline.
GDPR doesn’t only seek to safeguard the collection of data. Companies will also need to specifically tell their audiences what will happen to the data they have. This includes data that might already be held. Open, transparent communication about how personal data is used and shared will ensure you comply.
Action: Many companies will be keeping opt-in data for 12 months and then will be seeking new permission from people – effectively this means ‘renewing’ the data to ensure ongoing compliance. Think about how you will renew your opt-ins before next May 2019 (after GDPR has been effective for 12 months and subsequently thereafter).
Inevitably GDPR is going to make it easier for your customers and stakeholders to say ‘no’ to using their personal data. This is their right and, as part of the regulations, this choice cannot affect the way you communicate with or provide a service to that individual. GDPR protects the individual’s right to withhold personal data and to comply you must respect that decision.
Action: consider which sales/contract literature you have when you sign up a new customer or client after GDPR becomes effective. Make sure you have compliant opt-in clauses so you are not prohibited from sending them marketing messages about additional products or services once they become customers of your business.
It’s not enough to get consent for the use of personal data or say how you are going to use it. You must be able to prove it.
Customers and third parties concerned about GDPR compliance can demand to see the data you hold. Therefore, detailed records are a must in case anyone seeks to track how their personal data came to be used in your marketing campaign.
Action: You may consider employing a data protection officer if your business processes a lot of data or make data recording and management a part of your marketing team’s responsibilities. If you are an SME there are freelance ‘experts’ whose services you can buy in as and when you need them. Get advice and help now if you feel unprepared.
As a minimum you should put in place a data management policy that enables all staff to understand how GDPR effects their role and how your company records and manages data.
Even if you can track consent and you have used personal data in compliance with GDPR and your own data management policy you must be prepared to erase data if a customer changes their mind.
For your marketing and sales team, losing an opportunity to sell your business is sad but if you have collected, used and stored personal data in an open and compliant manner it’s likely your customers will continue to support your business.
Action: Some companies are choosing to delete data they cannot obtain permission for – perhaps because they see it as too big a job and want to start from scratch. This is a better course of action than holding data after May which is not considered compliant.
GDPR doesn’t have to be a marketing adversary. It can help you to keep data safe and earn the respect and trust of your customers.
For more information about marketing your business post-GDPR get in touch.