In today’s digital space, personal information is being collected at an excessive pace – something we may have never imagined a decade ago.
A consumer’s digital footprint is easily traceable. The websites he/she visits, the social networks and mobile applications used, and even the photos that are taken are all recorded, measured and scanned, so the consumer can be presented with perfectly curated ads to fit his/her lifestyle.
Believe it or not, personal information is more worthy than ever. In May 2017, The Economist published an article about personal data and its value to marketers. The article titled “The world’s most valuable resource is no longer oil, but data” explains how data is the key to how companies are not only able to communicate with their customers, but also how the buying experience impacts the customer.
What Does This Mean For Consumers?
When it comes to personal information, consumers are generally amenable to sharing at least some information—if they see value in it for them. However, because personal information can become susceptible to misuse, consumers are now demanding to know how companies store their personal data.
Today, more and more consumers are showing a lack of trust. In fact, according to a Deloitte report, 73% of consumers would reconsider using a company if it failed to keep their data safe. Such concerns force a revisit on consumer protection regulations, and this is where the General Data Protection Regulation, otherwise known as the GDPR, comes into play.
What is the GDPR?
The GDPR is a regulation set in place that will ensure that companies conducting business in Europe protect privacy and personal data of EU citizens for purchases made within the EU. The regulation was adopted in April 2016 and will become fully enforceable on May 25, 2018.
Simply put, this regulation will require companies who do business in Europe to reconfigure consumer privacy settings, ensuring that a customer can review their privacy setting before purchasing a product. They will also need to regularly conduct privacy assessments, which will be aimed to review personal data and the way it’s used.
Any non-compliance could cost companies a severe penalty. Why? Cause it is a legal regulation – meaning it cannot be opted out of. Failure to comply could lead to fines of up to 4% of a company’s global turnover.
What Does This Mean For Marketers?
As a marketer, consumer data is a goldmine. Collecting personal information is the single most important key to a company’s marketing strategy. Without data, marketing is blind. Social media, email sign-ups, website visits, purchase history, and general feedback forms all offer valuable insight into segmented marketing. With data collection, a company can give a customer exactly what they want, which in turn, strengthens the consumer-brand bond.
However, brands need people more than people need brands. Because we live in the era of an opt-in culture, a company must strategically draw people towards an “opted-in relationship.”
Global privacy laws, much like the GDPR, will affect this to some degree – but to what extent?
On the surface, the new Data Protection law might seem risky, especially for a small business; however, for marketers, regulations that protect a consumer are nothing new.
In Canada, the CASL – a regulation that applies to all electronic messages (i.e. email, SMS, etc.) a business sends in connection with “commercial activity.” Its key feature requires companies practicing in Canada or conducting business to Canadians to send commercial electronic messages (CEMs) only after that business has received consent, first.
So let’s take a look at this most talked about and what you as a small business owner operating in Europe or selling a product/service to European citizens should be focusing on:
1. Data Consent
How a company manages email opt-ins will look a bit different. Traditionally, once a consumer “opts-in” to receiving communication from a company, they will immediately begin receiving messages and will only stop receiving those messages if they “opt-out.”
Now, with the GDPR set in place, customers, partners, potential leads, etc. in EU need to physically confirm that they want to be contacted. In order to be compliant, a company will now need to make sure it has actively sought (and not assumed) permission from its prospects, confirming they want to be contacted.
2. Data Admission
From a marketing standpoint, it will now be a company’s responsibility to ensure that its customers in EU can easily access and remove their personal data whenever they’d like. This can be as simple as including an unsubscribe link within an email, or for e-commerce businesses, allowing a user to fully manage their preferences on their customer purchase profile.
3. Data Attention
We understand that collecting data from a consumer is a valuable thing, however, sometimes collecting a little extra data isn’t needed. As a marketer, you need to ask yourself what’s necessary data and what’s not.
Now, with the GDPR set in place, companies will have to legally validate what types of personal data is needed. In other words, marketers must focus on the data they need, rather than collecting both the data they need and the “nice-to-haves” data they want.
What’s Next for Businesses?
With change comes opportunity. Sure, the GDPR may sound like a wrench in your marketing plan, however, this new legislation isn’t a setback, but rather a chance to do what small business marketers do best – strategize!
It would also be wise to consult your company lawyer when making any strategic business changes. This will not only ensure that you are making informed business decisions, but that you are also 100% in compliance with the GDPR. Plus, you’ll be able to discuss any specific detail that might affect the way you currently market in EU countries.
Above all, keeping up with the GDPR will allow a business to create targeted (and compliant) marketing campaigns that are not only engaging for the consumer, but are also more trusted by them, too.