Written by Rikki Lear
27 | 07 | 17
There’s a lot of talk about GDPR at the moment in marketing circles, and rightly so. It could have a big impact on marketers, in particular those practicing digital / inbound marketing techniques.
So let’s just jump right in...
GDPR stands for General Data Protection Regulation and it’s being brought in by the EU to replace the UK Data Protection Act of 1998.
GDPR is being introduced for two key reasons. Firstly, to update law which was created before the boom in internet and cloud services. Secondly, to give the EU single market an identical set of laws.
The law actually came into force on 24/05/2016 but businesses were given a two-year period to comply (until 25/05/2018). It will affect both businesses (controllers of data) and IT processors (such as software companies).
It will apply to all parties, even those outside of the EU, if they deal with EU residents’ data.
As a business (controller) you need to make sure the data is used for a specific purpose and handled lawfully and transparently. Once the specific purpose is carried out and the data is no longer needed, it is a requirement that the data is deleted.
“Lawful” is the key word here, and it has a range of alternative meanings - the key ones for marketers are below. You must ensure one of these applies:
For marketers, the consent issue will be the big change here. We need to put a process in place to ensure people are giving an active and affirmative confirmation.
This active consent means that passive acceptance, such as pre-ticked boxes or asking people to opt out after the fact, is no longer allowed.
We also need to keep a record of how they gave consent and allow them to withdraw that consent at any point.
Any data which was included in the Data Protection Act is included and the EU has also increased the scope further. One noticeable change for inbound marketers is that IP addresses and online identifiers are included.
So, common marketing fields / data, such as those below, are included:
It’s also worth noting that this applies to both B2B and B2C data.
The penalties are much more severe; if you fail to follow the basic principles, such as gaining consent, you could be fined up to €20m or 4% of global turnover, whichever is greater.
You will also be penalised if you do not report any data breaches within 72 hours. Previously companies have not reported issues and hoped no-one would find out. GDPR intends to eradicate this lack of transparent business practice.
While we are a member of the EU, which the UK will most certainly be in 2018, we are bound by GDPR.
It is also believed that the UK will adopt the same legislation when the UK leaves the EU, so companies using data from the EU can continue to do so legally.
If you are practicing inbound marketing already, the good news is you are already on the right side of this policy change, as opposed to those practicing outbound, who are going to need to seriously review their data acquisition strategy. With inbound marketing, all you need to do is review a few tactics.
To make sure you are compliant, these are some of the areas you need to look at:
You’ve got fewer than 10 months (from the time this post was published - July 2017) to get this task done, so my advice would be to get going rather than putting it off.