How to comply with GDPR regulations? A simple step by step primer

GDPR impacts digital marketers

Apurva Chamaria, Chief Revenue Officer, RateGain, shares his two cents on the European Union's General Data Protection Regulation and how GDPR impacts digital marketers.

Google and Facebook faced $8.8B GDPR suits on Day One of GDPR itself! A few U.S.-based apps were also withdrawn from the European market. This is the impact that GDPR created on Day 1 of its coming into force. If you're a digital marketer, you must be familiar with the European Union's General Data Protection Regulation (GDPR), which came into effect on 25th May, 2018. GDPR requires clear consent and justification for any personal data collected from users, and these guidelines have pushed companies across the globe to revise their privacy policies and collection practices. But many companies are still unprepared for enforcement.

What is GDPR?

According to the regulation, companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data. The GDPR was developed to protect EU citizens from privacy infringements and data breaches in our increasingly data-driven world.

It affects how businesses must explain their data use and obtain consent from new and existing prospects and customers who subscribe to their email lists and are stored within CRM and other systems. Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if it has no business presence within the EU.

What privacy data does GDPR protect?

One principal aim of GDPR is to increase protection for individuals’ personal data.

Personal data is "any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier". It includes information such as name, address and ID numbers; web data such as location, IP address, cookie data and RFID tags; health and genetic data; biometric data; racial or ethnic data; political opinions; and sexual orientation.

What’s the Penalty for non-compliance?

20 Million Euros or four percent of an enterprise’s worldwide revenue, whichever is larger

What does this mean for ‘Digital Marketers’?

In my view, GDPR is more of an opportunity than a threat to digital marketers. It's an opportunity for digital marketers to focus their efforts on a specific and targeted audience instead of mass mailing or spamming people who are irrelevant to a business. It's an opportunity to ensure the mailing list is clean and up to date, which in turn improves campaign metrics and results. GDPR puts the focus back on customers, in a more legal way. The steps that digital marketers need to follow to ensure GDPR compliance:

  1. Update your website's privacy policy and cookie policy, stating how you store and protect your customers' data (please refer to the attached sample template for a website privacy policy: Website-Privacy-Policy-Sample).
  2. Inform your subscribers about your updated policy terms and assure them that their data is safe with you (please refer to the attached sample email template: Privacy-Policy-Email-Sample).
  3. Your website must use a secure (HTTPS) URL; this is non-negotiable now.
  4. Obtain active consent from website visitors, i.e. do not pre-check the opt-in or privacy checkbox in your forms. Don't trick your customers by keeping it auto-checked (please refer to the attached sample screenshot of a GDPR-compliant subscription form).
  5. Include a Nationality field in your website forms so you know whether the individual is from the European Union or not.
  6. Keep a complete record of when each customer subscribed to receive marketing communication from you.
  7. Under GDPR, the customer has the right to request information on how their data is processed and what data you have stored.
  8. Customers can request to be forgotten, which means that businesses have to delete all personal data for that prospect from every place in their systems.
  9. Don't forget that consent is valid only for 2 years.
  10. Every email must have an unsubscribe link, your office address, contact numbers, and an option for users to request their data or to be forgotten.
  11. It's good practice to let your subscribers know why they are receiving this email.
  12. Set up a Data Privacy Office (DPO) if you don't have one in your organization, and employ data protection officers.
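To make steps 4, 6, 7, 8 and 9 concrete, here is a minimal consent ledger as an added example (not the article's own code or any vendor's product): it refuses submissions where the opt-in box was not ticked, stores when consent was given, answers an access request across every store, erases from all stores, and enforces the 2-year validity window the article states. All names, stores and sample records are constructed for illustration.

```python
# Added example, not the article's code: a minimal consent ledger covering
# explicit opt-in only (step 4), a timestamped consent record (step 6), a data
# export on request (step 7), erasure from every store (step 8) and the 2-year
# validity window the article states (step 9). Names and data are constructed.
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta, timezone

CONSENT_VALID_FOR = timedelta(days=2 * 365)  # the article's 2-year window

@dataclass
class ConsentRecord:
    email: str
    consented_at: datetime  # when the subscriber actively opted in
    source: str             # which form collected it
    nationality: str        # step 5: identifies EU subjects

class ConsentLedger:
    def __init__(self):
        self.consents = {}  # email -> ConsentRecord
        self.crm = {}       # second store that must also be purged on erasure
    def record_opt_in(self, email, box_ticked, source, nationality, now):
        # Step 4: only a box the visitor ticked themselves counts as consent.
        if not box_ticked:
            raise ValueError("no active consent: opt-in box was not ticked")
        self.consents[email] = ConsentRecord(email, now, source, nationality)
        self.crm[email] = {"email": email, "nationality": nationality}
    def may_email(self, email, now):
        rec = self.consents.get(email)
        return rec is not None and now - rec.consented_at < CONSENT_VALID_FOR
    def access_request(self, email):  # step 7: everything held, across stores
        rec = self.consents.get(email)
        return {"consent": asdict(rec) if rec else None, "crm": self.crm.get(email)}
    def erase(self, email):  # step 8: purge every store; count stores that held it
        return sum(s.pop(email, None) is not None for s in (self.consents, self.crm))

def demo():
    ledger, t0 = ConsentLedger(), datetime(2018, 5, 25, tzinfo=timezone.utc)
    ledger.record_opt_in("ann@example.com", True, "newsletter-form", "DE", t0)
    try:  # a form submitted with the box still unticked must be rejected
        ledger.record_opt_in("bob@example.com", False, "newsletter-form", "FR", t0)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "rejected_unticked": rejected,
        "ok_after_1y": ledger.may_email("ann@example.com", t0 + timedelta(days=365)),
        "ok_after_2y": ledger.may_email("ann@example.com", t0 + timedelta(days=731)),
        "erased_stores": ledger.erase("ann@example.com"),
        "after_erase": ledger.access_request("ann@example.com"),
    }
```

In a real deployment the two dictionaries would be your mailing-list database and CRM, and `erase` is the place to enumerate every system that holds a copy.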

While this applies to citizens both inside and outside the EU, we can expect similar regulation from other countries as well, so it's wise to implement these measures globally. While it may sound threatening, GDPR offers a great chance for businesses around the world to develop a competitive advantage and win the trust and loyalty of their customers. Loyal customers are close to becoming advocates of your brand and products, so don't lose this opportunity.

Apurva Chamaria currently heads global brand and digital marketing for HCL Technologies, a US$6 Bn IT major, and is responsible for global brand marketing, employer brand, employee and community marketing, thought-leadership marketing and digital marketing. He has pharmaceutical industry experience, having worked in various sales and marketing positions at Ranbaxy Laboratories Limited (now a part of Daiichi Sankyo). He's also a regular speaker at industry and company conferences like Sales Performance Management '12, Octane User Group Summit, Microsoft Leaders Speak, ACMP Change Management 2014, and premier B-School events and annual conclaves of institutes like ISB, IIM-A, IIM-Raipur, FMS, IIMC, IMI, MICA, Great Lakes etc. He's a columnist for Pitch magazine. Follow him on Twitter @a1purva