Most marketers today understand that customer data is the most valuable resource at your disposal. All of the available technology and exciting new marketing techniques mean nothing without the power of your customers’ data to drive your overall strategy.
That is why marketers invest in data management solutions like ReachForce. A great data management platform unifies, cleans, and enriches your inbound customer data to ensure you have access to the highest quality insights to influence your marketing plan.
However, it is precisely because customer data is so valuable that consumers and the governmental bodies that protect them are turning their attention toward how companies use and store data in 2018.
The European Union’s (EU) Global Data Protection Regulation (GDPR) is the most prominent example of the new global attention being placed on consumer data protection. If you are not familiar with the GDPR — which goes into effect on May 25, 2018, and will impact any B2B marketers that sell goods or services to EU citizens — this post gives you a brief introduction to what you can expect and how you can prepare before the compliance deadline.
What is GDPR?
GDPR is a new digital privacy regulation that standardizes the way global businesses collect, use, and share customer information with the goal of protecting personal data and influencing the ways marketers communicate with consumers. It is the largest overhaul of data protection in the last twenty years and is pushing businesses around the world to evaluate their data management solutions to ensure they remain compliant. After all, the cost of non-compliance can be quite hefty; according to Article 83 of GDPR, fines for non-compliance can climb as high as €20 million or 4 percent of your global turnover.
While there are several moving parts and complex components to the new EU legislation, GDPR involves changes in three major areas of data management.
#1. How (and Why) Marketers Collect Data
Customer data holds a ton of value for marketers, which historically has led to some fairly questionable methods of data collection. Some companies collected data through a general opt-in or, worse, without the consent of their customers at all. Furthermore, given the tremendous value of customer data for marketing purposes, companies have a tendency to ask customers for information that is outside the realm of reasonable need for that company’s product or service. A company that sells IT services, for example, likely does not need to know your favorite television show or your wedding anniversary.
GDPR requires marketers to gain direct, unambiguous consent from consumers on the personal data they collect and how they specifically intend to use it. General opt-ins will not cut it under GDPR; instead, your company will need to explicitly outline to customers in EU member states the information you collect and how you will use that data in your marketing plan.
Additionally, consumers will need to actively opt in to your use of their data. Pre-checked boxes that enroll consumers in your mailing list are grounds for non-compliance under GDPR. Instead, customers need to manually check that box themselves for you to use that data and for your business to remain compliant.
#2. How Companies Store and Protect Customer Data
Once you have the data, GDPR also has regulations in place for how you maintain and secure it from threats of cyber theft. Ninety-two percent of consumers have concerns about the general security of their data, which is why GDPR puts stricter regulations in place for cybersecurity and reporting on data breaches. Organizations that experience a data breach are now required to disclose such a breach publicly across EU member states. GDPR allows for any member state to pursue legal action in the event of a breach, opening companies up to a higher likelihood of costly fines and the negative impact of a damaged reputation.
Naturally, global businesses recognize this risk of costly fines and are therefore incentivized to sufficiently protect against a significant breach. Your data management solution plays a big role in how adequately you protect customer data. ReachForce has certified that it adheres to the principles of notice, choice, onward transfer, security, data integrity, access, and enforcement included in the U.S.-E.U. Privacy Shield Frameworks, a component of the GDPR that ensures U.S. companies meet requirements. Data management solutions like ReachForce help ensure your company maintains compliance and protects personal data in order to avoid the expensive fines or potential lawsuits stemming from breaches and/or non-compliance.
#3. How Companies Erase Data Upon Customer Request
Another heavily publicized component of GDPR involves a customer’s ability to access their data, review how you use it, and make decisions about your company’s future access to that data. Companies that collect data from citizens of EU member states must offer those citizens access to their own data, with the ability to opt out and permanently erase data from company servers, regardless of where in the world those servers are located. This can often be as simple as an “unsubscribe” link at the bottom of your emails; however, there need to be options for complete data erasure in addition to opt-outs.
“The Right to be Forgotten” — as it is commonly called — requires companies to comply with data erasure when “information is inaccurate, inadequate, irrelevant, or excessive.” It is now the company’s responsibility to provide proof of erasure as well as sufficient justification for why certain data cannot be deleted.
How to Ensure Your Data Management Solution is Ready for GDPR
In preparation for the May 25, 2018, deadline for compliance, there are several components of your data management solution you should review, including:
- How You Collect Personal Data: Ensure your lead capture forms include explicit opt-ins for the ways you intend to use the data of EU member state citizens.
- How You Store that Data: Talk to your data management solution provider to see how they comply with the privacy requirements of GDPR and what security measures are in place to help protect you from a potential breach. (We published ReachForce’s Privacy Shield Notice here.)
- How You Use that Data: Only using personal data for marketing activities where the customer directly consented to their inclusion is a key part of GDPR compliance. Ensure your data management solution is set up to support and help facilitate the “Right to be Forgotten.”