The GDPR is in Full Effect. Is My Organization Ready and Compliant?
The GDPR is now live and in full effect. With the enacting of the GDPR — similar to the 2012 Doomsday prophecies — the world will go on. Marketing will go on.
With so much information floating around out there about the GDPR, I wanted to address some pressing topics I continue to hear.
I think I’m in compliance — but how can I know for certain? Is there some entity or governing body that can sign off?
The GDPR sets forth a series of requirements for an organization to follow when processing and protecting personal data. Each organization should and will mitigate the operational risks associated with data processing in different ways depending on multiple factors.
It’s not as cut and dry as just “yes” or “no,” and so compliance isn’t simply an exercise of ticking some boxes. The best policy is to adopt a culture, philosophy, and organizational behavior that protects customers’ rights.
This approach is not new, but it’s just now coming to the forefront and becoming reinforced by the GDPR. In an ideal world, most organizations should have been following these principles for the last decade.
Legal advice is important if you are still concerned about your organizational practices when it comes to collecting and processing data. But if you adopt the privacy principles to protect your customers and are aware of the risks while processing their personal data – and are equipped to comply if solicited for data — then you should be in the clear.
Will I see a reduced volume of leads since there’s decidedly more friction for web visitors to opt in?
You should look at the GDPR not as an obstruction to your customer acquisition strategy, but as an opportunity to have better relationships with your customers.
Having clear consent from a subscriber to receive your marketing communications means that they want to hear from you. This sounds obvious, and, from your subscribers’ point of view, it is fair to expect that when you receive their personal data, you will protect them the best you can.
Do you want to send marketing campaigns to the people that truly want to receive them — or just be another irrelevant sender for recipients?
Clean data might be harder to come by, but it means that you won’t be using data that may have been given to you under false pretenses or the like, and that is likely to be invalid. This means that your campaigns will have better engagement overall — even if you’re sending to a smaller list.
You’ll be more relevant, and will get much better inbox placement and, in the end, better ROI.
The GDPR simply raises standards to HELP you in creating a clean, valuable, and addressable customer database — this is a good thing.
Is there a software solution for GDPR compliance?
Right to be forgotten, consent management, consumer administration, and audit support are the fundamental ideas of GDPR.
There are a lot of solutions that allow you to implement these ideals while processing your customers’ private data.
What you must keep in mind is that it’s up to you to understand how to manage and deal with the data transactions and interactions across all your other systems and channels. There’s no single platform that will magically make you compliant; compliance is an organizational perspective which can be achieved with whatever system you already use.
We shared a CRM list with a sister/partner company — should we disclose that to the contacts on that list?
The short answer to this question depends on how confident you are that the recipient understood and authorized the sharing of their personal data.
List-sharing, per se, is not new — and even before the GDPR, if you didn’t get explicit consent from those recipients, it would’ve still been illegal in Europe.
If you are unsure, it is always better to confirm if you can share that data by sending re-permission emails.
Are abandoned cart emails allowed under the GDPR?
Yes, if you respect the GDPR principles.
Under the GDPR, having consent from a recipient means that the recipient was not forced — and that there is a clear understanding of what they are consenting to and what they wish to happen.
You might not need the explicit consent if you can demonstrate and have legal ground to justify the “legitimate interest.” Even so, you must provide that information to the recipient and allow them to opt out from that process.
Can we retain marketing leads obtained prior to the GDPR and use them after enforcement?
You must make sure that you have permission and acceptance from your contacts and they agreed/opted in to be contacted by your business.
If your contacts have explicitly opted in to be contacted by your company under the GDPR directives, you can use that data. If you are unsure, you should collect that permission from your contacts.
Does the GDPR require changes to customer databases?
Users have the right to remain anonymous. This means that users can demand the termination of any data processing.
They can also request and access all data that is related to their own personal data including how you track them on your website or other systems.
You must ensure that you collect only the data that is required, and keep it only for the necessary period of time, by applying a retention policy.
The GDPR isn’t the end of the world. On the contrary, it’s the beginning of a brand new world. All things considered, the GDPR presents a chance to adapt our customer acquisition practices and should help usher in a paradigm shift of how we’re contacting customers and with what communications.
Moving from a “one-off” conversion mentality to ongoing customer relationship cultivation requires an overhaul in how we view customers and their personal data — when, where, and how we send campaigns, content, and communications to contacts that desire to hear from you. Now it’s your chance to start fresh and begin building a substantial, engaged audience.
Mário Costa is Head of Technical Client Services at Emarsys where he focuses on web development, PHP, web servers admin, web design, and tech support. He has been with the company since 2013, and lives and works in Reading, UK.