General Data Protection Regulation (GDPR) has been on the lips of business owners, sales people and marketers for a while now, as data privacy is a growing priority for businesses large and small. Though GDPR won’t be implemented until the 25th May 2018, there is no time like the present to prepare your business and become compliant – you certainly do not want to be hit with fines for breaches of the GDPR – let alone the damage it will do to your business’ reputation.

 

What is GDPR?

The first recognition that there was a need for standardised data protection arrived in 1998, in the form of the Data Protection Act (DPA) – a set of UK laws ensuring that businesses take the necessary steps to protect the personal data collected from their customers and prospects. However, given the rapid and ongoing advances in technology affecting the way in which we store data, the DPA is no longer fit for purpose.

While its principles are not dissimilar to the DPA, the General Data Protection Regulation aims to make data protection laws more current in our ever- evolving digital world. Nowadays, people are more aware of data protection; more questions are raised with regards to how information is processed and stored, GDPR will provide customers and prospects with more visibility on how their data is being utilised. Furthermore, GDPR will make it compulsory for businesses to obtain clear and unambiguous consent from their customers and prospects before using their data for marketing purposes. This will give data subjects peace of mind that their details will not be used for any purpose beyond what they have already agreed.

GDPR will also work to standardise Europe’s inconsistent data protection landscape and ensure organisations are held more accountable for data protection and security. Furthermore, the GDPR considers the exponential rate at which technology is advancing and expanding, rendering it a far more future-proof solution than the Data Protection Act.

The GDPR applies to every organisation working within the EU in order to facilitate the secure flow of data across Europe. Therefore, even though the United Kingdom is in the process of leaving the EU, it is paramount that UK companies to start preparing for the GDPR as soon as possible.

What will GDPR mean for both large and small businesses? How do businesses take the necessary steps to become compliant?

Businesses may think of GDPR as a more comprehensive Data Protection Act (DPA). No organisation, however large or small can afford to ignore the updated data privacy demands, companies that don’t take action to comply risk being hit with large fines and reputational damage.

Let’s face it, most companies have built their data over years of activity and will be a mix of consensual and non-consensual data. Whether your data has been purchased or acquired through marketing activities; such as events, email campaigns or through past custom, post May 25th next year, unless you have gained consent, your data and the years of time and investment will potentially be wasted.

Until now, data security has all too often been overlooked in the design process. GDPR will mean that organisations need to practice privacy by design to eradicate the lack of security and privacy input during the design phase, ensuring that all European companies implement adequate systems and processes. If businesses embrace the chances that GDPR will bring, the transition to compliance should be smooth.

2016 saw Talk Talk pay the price for a huge security failure when a cyber-attack resulted in the personal data theft of over 156,000 customers – including many customer’s bank details. In addition to a record fine, Talk Talk’s pre-tax profit fell by more than 50% and the company are still facing the challenge of regaining customer trust.

But it’s not just household names that are under pressure to prepare for GDPR; smaller business should not assume that they are safe behind the shield of bigger businesses, but instead, need to ensure that their data security measures are watertight.

DOWNLOAD OUR FREE GUK GDPR DATA HANDBOOK TODAY

Generate UK GDPR Meeting

What does GDPR Mean for Marketing?

Despite initial challenges that the General Data Protection Regulation will inevitably bring, it is important for all European companies to recognise GDPR as a huge positive – it’ll mean tighter security, with companies taking all the necessary steps to comply; striving to protect their customers as well as their reputation.

Nevertheless, marketers needs to tread carefully, as only ads that approach GDPR correctly will survive. Remarketing and in-audience will become more challenging; a perfect balance needs to be struck between respecting and abiding by the privacy protection that GDPR brings and reaching your target audience at the right time.

The General Data Protection Regulation will affect how is data collected, transferred, stored and processed. As well as clearing the hurdles that this will put in place, marketers need to review all these processes critically, thorough the lens of GPDR. The new regulations will mean that marketers have a far better understanding of how consumers want their data to be used, meaning that, while the need for unambiguous consent may mean audiences are smaller, with more people choosing to ‘opt-out’, prospects will of higher value, with a larger interest in the material that marketers want to get in front of them.
As part of your new GDPR-compliant privacy policy, it is vital that you honour your data subjects’ right to access and right to erasure. Your customers and prospects should be allowed to access the data that your business holds on them, should they wish to have this data removed, under the right to erasure (or right to be forgotten), your business must cleanse your data pool, removing all information relating to the subject. An exception to this, of course, would be if the data subject had previously purchased your goods or services, in which case you are legally obligated to keep a hold of their data for a further 6 years after purchase – though you may not legally contact them with marketing collateral.

It is important to note that useful, marketing tools like Google Analytics will not be affected by the General Data Protection Regulation. Neither Google Analytics nor Google Tag manager collect personal data – they only track user behaviour – therefore, they fall outside the umbrella of processes affected by GDPR.

There is no doubt that GDPR will bring new challenges for marketers, but, as digital marketers, we are an ever-evolving, ever-growing field and are, without a doubt, more than ready for the challenge.

What steps are GUK taking to be ready/compliant?

Generate UK have already taken the necessary steps to become complaint with GDPR. In order to fully prepare ourselves and our clients for the new regulations, Generate UK have worked to become GDPR Practitioners. We have strived to know the ins and outs so you don’t have to; Generate UK are ready and waiting to offer our expertise so that your business is secure, compliant and not left vulnerable to substantial penalties.

How will GUK help our clients become compliant?

Generate UK are committed to supporting our clients in their preparation for GDPR; we are ready to help you cleanse and nurture your data to make sure that it is complaint. We’re currently working with our partners to create two new solutions to help our clients comply with GDPR. These are due to launch at the start of 2018.

GDPR Practitioner BadgeWe have designed a GDPR communications programme to help your business obtain and demonstrate consent from your existing data pool. Helping you outline the legitimate reasons why you would like to continue communicating with your prospective customers and providing your prospects with options of how they would like to receive communications from you.

The programme includes:
• 7 x Campaign (spread out between now and May 2018)
• Fully designed professional email templates customised to your brand and CTAs
• Tailored GDPR and industry based messaging
• Analytics and reporting
• Data base cleansing for GDPR readiness

Looking ahead to GDPR

With GDPR now just over seven months away, if you’re business has not already started taking steps towards compliance, there really is no time like the present. However, it is important not to feel overwhelmed by the imminent changes in data protection regulations – though it may appear challenging, GDPR is set to unlock a wealth of opportunities for marketers.

If you would like to speak to us with regards to the GDPR Services Programme please contact your relevant Account Manager or phone us on 01635 887711 or info@generateuk.co.uk