Tag Archive for: GDPR

Post GDPR: Marketing in a regulated world

Post-GDPR: Marketing in a regulated world

Just over a year ago, businesses all over the country were staring down the barrel of the incoming GDPR regulations, wondering how the marketing landscape would change. GDPR seemed set to shake the business world, and it was a clarion call for marketers to review their strategies.

Ultimately, whilst GDPR did change the way we look at data, it didn’t completely change the world. Keen-eyed marketing professionals have recognised opportunities in the post-GDPR landscape, so here are a few insights on how you can reap the rewards for your brand.

 

Consider changing your marketing focus

Email marketing had been growing in popularity in the years leading up to GDPR, and it certainly still has a place. Although contacts lists will be looking a little shorter in the wake of new legislation, email marketing has not been killed off completely.

That said, it may be worth integrating – or perhaps reintegrating – traditional direct marketing activities into your strategy. Direct marketing falls outside of GDPR regulations, meaning you can send marketing material to potential customers.

Direct marketing often requires a little more leg-work than email marketing, but it can pay dividends. To make the most of your efforts, put a framework in place for following up with those you reached out to. Telemarketing can be effective, in this instance – even if a recipient is interested, they might not take the time to pick up the phone. In this way, you can build rapport with a potential customer over the phone whilst having a head start over a completely ‘cold’ call.

 

Reinvigorating your marketing strategy

Be it direct, by email or otherwise, any individual marketing activity is just a piece in a larger puzzle. In this post-GDPR world, it’s worth taking some time to review all aspects of your marketing strategy and see how other areas can make up for any shortfalls.

You might want to consider:

  1. Events: are you putting your brand out there at industry events? Not only can this increase brand awareness and perform a lead generation function, but face-to-face networking is often the most effective way of building a relationship with a potential client. If people can talk to you and learn about your brand that way, they are more likely to remember and pick up the phone.
  2. Social media: your social media platforms are an invaluable tool for sharing brand news, products, and engaging with industry news. Managing your social media profiles shows both existing and potential customers that the brand is switched-on, interested, and present within the industry.
  3. Public Relations: building positive relationships with journalists in your field can ensure that your business news hits the headlines in a timely and effective fashion. Once you have established a good relationship with the press, you will have a platform for sharing success stories and more, thus raising brand awareness.

 

Perhaps the most important exercise in the wake of GDPR is to re-consider who your target audience really is, re-focus your strategy to approach them, and re-imagine how you are putting your brand out there in a wider sense.

If you’re looking for guidance on marketing or PR activity for your business, don’t hesitate to get in touch with the Technical Marketing & PR team to see how we can help.

 

*Data & Marketing Association

Are you GDPR ready?

What is GDPR?

GDPR is the new General Data Protection Regulation which will come into force from 25th May 2018. It will replace the current Data Protection Directive 95/46/EC. The new regulation intends to strengthen and unify data protection for all individuals in the European Union.

 

But what about Brexit?

Even though the UK is set to leave the European Union, the government has fully committed to GDPR. From a global perspective Europe is leading the way with GDPR and although data protection is constantly developing, the rest of the world is likely to follow over time. And if nothing else, all you would have to do is store one EU citizen’s data on your system and you would have to be compliant with GDPR anyway. Any company not compliant with GDPR would face significant difficulty in trading with the EU.

So, what does GDPR actually involve?

Valid Consent: There will be stricter rules surrounding consent to use people’s data. Obtaining consent for processing personal data must be clear and seek an affirmative response or opt in system.

Transparency: People will have a right to see what information you hold about them. You must be able to tell any one person at any time how their data is being used.

The Right to Correction: Individuals will have the right to rectify any information that is incorrect.

The Right to Erasure: In some cases, people will have the right to have their data completely erased.

Data Portability: People will be able to request their data is moved from one service provider to another.

The Right to Object to Automated Processing: Individuals will have a right to object to certain types of automated processing.

 

How will GDPR impact PR & Marketing?

GDPR will impact all areas of businesses, it’s not just an issue for compliance teams. GDPR will arguably change the way in which marketing departments operate. In marketing we work with a lot of data, particularly when it comes mailing or analytics. Communications data such as name, email, phone number and address, all fall under the GDPR remit.

With GDPR in place, marketers will only be able to mail people who have opted in to receive messages. The sign-up process must include information to subscribers about the brand that is collecting consent, and outline information on the purposes of collecting their personal data. Records need to be kept of the given consent.

But what about people like journalists who make their contact details readily available? Although you are unlikely to face consequences for mailing journalists you must not be complacent. Only send journalists relevant content and do not abuse the access you have to their information.

There is no allowance for data collected without consent prior to GDPR. Many companies will want to work with marketing and PR firms to make themselves visible in new campaigns to retool and build brand awareness to encourage new opt ins.

You might think that there is going to be a mad rush to collect new data, but this is where ‘privacy by design’ comes in to play. Privacy by design is about being responsible users of information and only collecting the minimum amount of data required to conduct business operations. The data must also not be stored for any longer than is necessary.

Working with other organisations

In an increasingly globalised world of information sharing and collaboration, businesses often work with other partners or services to outsource areas of work. The original data owner is responsible for ensuring there is a procedure in place to confirm the data is used appropriately. There needs to be a formal control in order so that the information is only used for the purpose agreed. This could take the form of a contract or formal assessment of data security and privacy. It’s all about showing that you have effective regulation and control processes in place.

 

“GDPR won’t impact small businesses like mine”

GDPR will impact all businesses. Rightly so, larger businesses and corporations will have a lot more work to do to make sure they are GDPR compliant, as they often have large databases that feed in to one another. It will become mandatory for large businesses processing high volumes of data to appoint a Data Protection Officer. But small businesses also need to be able to prove they are compliant, even if it’s in the form of a 1-page document. You need to have some sort of document you could show a compliance officer to demonstrate you are GDPR ready. Any business you work with inside the EU, where sharing data is involved will be required to assess you to some extent in terms of GDPR. So, it’s worth getting it right.

 

What are your obligations?

Accountability: Demonstrate compliance by maintaining accurate data processing records.

Data Transfer: You are only allowed to transfer data if the appropriate safeguards are in place.

Data Security: All data must be kept secure and protected.

Data Breaches: Data breaches must be reported within 72hours.

Data Protection Officers: DPO’s will be mandatory in organisations processing large volumes of data.

Data Protection Impact Assessment (DPIA): DPIA will be mandatory if you’re processing activity results in a high risk to any person’s data rights.

 

What will happen if you don’t comply?

Regulators are super serious about data protection and responsibility this time around. Regulators in the UK have begun a serious recruitment drive, so companies will certainly be subject to checks. Data Protection Authorities and the Information Commissioners Office (ICO) will be able to flag companies that are not compliant and carry out an assessment. Consumers and individuals will also gain power from this perspective as they will be able to make complaints about any organisation they feel is using their data irresponsibly. Hefty fines will be placed on businesses who are not compliant with GDPR.

 

What next?

There is certainly a lot of information to take in surrounding GDPR and it is important to do your research and make sure your business is compliant. The emphasis is on being responsible data users and being able to demonstrate how you comply rather than defending yourself if you don’t. GDPR is a great opportunity for businesses and organisations to get into shape and promote how you control data use in a professional manner.

 

Benefits of GDPR

Enhance customer trust

Improve brand image and reputation

Strengthen data governance

Tighten information security

Increase competitive edge

 

It’s important to do your research and get the correct protocols in place. The ICO website is a great place for more information on GDPR. Check it out here.