You can put your clothes back on now: Our journey towards GDPR
How often do you hear the initialism GDPR at the moment? Well, you’re only going to hear more about GDPR – or General Data Protection Regulation, to give it its full name. And the bigger question is: have you done anything about it yet? If you haven’t, you’re not alone. According to the DMA, less than half of UK businesses have started out on the route to GDPR compliance. We went through the experience ourselves recently. Here’s what we learned, and some tips if you’re starting out.
The word’s enough to make any marketer feel nervous and uncomfortable.
It’s like going for a medical. You know there’s nothing to worry about – but there’s that nagging doubt. Then they call your name, and you break out into a cold sweat. You hear the dreaded words: “just step behind the screen and take your clothes off”. There’s no turning back.
It’s no different to our recent experience of starting the journey towards GDPR compliance.
GDPR comes into effect in May 2018, and it’s vital to be ready. Data – and, in particular, personal data – records are the fuel for what we do, so we felt we had to be on the front foot.
What’s it for?
GDPR is there to improve and simplify data protection for EU citizens and businesses. If you collect, store and process the data of an EU citizen, you need to comply. But what does it actually mean for marketers? As we don’t have a data protection officer, we had to find somebody who understood the implications and could guide us through the process.
It all started for us with an external audit: GDPR’s version of taking off our clothes. From the first moment, the questions hit us like a machine gun. This was our business and the conversation was about the complexity of what we do for our clients. Sitting there “naked” in front of this stranger was suddenly the norm.
Just a little bit of exposure
The questions kept coming. Why do you do this? What type of security do you have? Is that cupboard locked at night?
The data auditor had an uncanny knack of opening each new conversation with a question that got the pulse racing. However, at the end of the audit, all the department heads looked at each other with a feeling of “phew, we’re not in bad shape”.
Focused on what matters
The results of our audit were good. Our core processes to manage the access, use, storage, distribution and deletion of data are strong and robust for what we do. Next year, we’ll go through the process again. Hopefully, we’ll feel less awkward about taking our clothes off.
Marketers love an incentive
Pay attention. With GDPR, the penalties are big. Fail to comply and the penalty could be up to €20 million, or 4% of global annual turnover, whichever’s the greater figure. It’s not an idle threat. Honda and Flybe have been fined more than £80k between them for emailing customers without permission. So, it’s well worth adjusting your approach to data. Data is now different. The focus on quality means the numbers game is over. Yes, GDPR is complex. But get your head around it, and find the best way for your business to deal with it: it’s manageable and can open up opportunities.
How is GDPR affecting our day-to-day business? It’s already part of client conversations. The three practical elements are:
- Opting in or out: prospects and customers must agree that their data can be used and that they can be contacted. They need to indicate agreement by a “clear affirmative action”.
- Control of personal data: GDPR gives individuals more control over their data. This means enabling them to access and remove it.
- Processing personal data: quite simply, better housekeeping and focus will help marketers manage their data and stay within the GDPR framework.
Clients are also now talking about creating inbound marketing strategies that inspire customers to engage with their brand.