From Facebook to Google to the halls of the FCC, debates about data privacy have been heating up across the world, and politicians are taking notice. The General Data Protection Regulation, the EU’s new privacy law, aims to curb the privacy abuses of the past by uniting the data rules of all EU member nations under one standard. It is scheduled to go live on May 5th, 2018, and its guidelines will cover a market that is over 750 million people.
The GDPR is relevant for any company that collects, stores, or sends emails – as we have mentioned before, a robust email list of past and prospective customers is a critical piece of marketing strategy, and thus changes to the rules of how it’s done will affect businesses both large and small.
Explicit Consent, or ‘Opt-In, Not Opt Out
The GDPR’s most important change involves regulating the means by which marketers and website operators collect the consent needed to sign customers up for email lists. Gone are the days of auto-subscriptions upon entering an email for a booking or order, or the pre-ticked boxes hidden away in the footnotes of a submission form. Customer consent now must be “Freely given, specific, informed, and unambiguous”: an active sign-up action must be taken by each and every customer to sign up for your email list, which makes it more important than ever to ask your customers to connect with you.
Data Non-Fungibility / No More Blanket Consent
Connected with this idea of consent is the imperative that subscribers must be informed about the explicit, bounded purposes of collecting their data: if you initially intend to collect data to better predict their spending and product habits or desires (for example), you must explicitly ask for that permission – if the permission is granted, you can’t later take that data and use it to create an informative email list featuring your new blog, or sell it to another company for their own marketing purposes. This has dramatic implications for database building and email-list best practices. Additionally, older database systems will not be grandfathered in under the GDPR – if you operate anywhere within the EU, be sure to review the GDPR guidelines to see if your old systems are in compliance and be prepared to allocate resources and time to re-acquiring consent from your current email lists.
Records of Consent
Under the GDPR enforcement guidelines, the burden of proof lies squarely on the shoulders of private companies when it comes to proving data-use consent in the event of an audit or legal dispute. Firms big and small should be taking steps to record digital copies of subscriber’s consent forms in their backups and records, to reduce their legal exposure.
What Should My Company Do?
If your company exists outside of the EU, and you deal exclusively with domestic customers, these legal changes may seem to not affect you, but in today’s increasingly globalized world, few competitive lodging companies should be willing to ignore the affluent and massive EU market. As such, simply removing EU addresses from your database is untenable, and setting up a separate signup procedure for European email addresses and ‘everyone else’ can be both costly and inefficient.
The best way forward for the majority of firms, even those outside the EU zone, is to bring their database up to GDPR compliance. While this may seem to have a negative effect on your ability to rapidly generate an email list by ‘mining’ your clients data from elsewhere, this will be outweighed by the concurrent increase in email list quality: not only do you build trust in your brand by being upfront and honest when trying to connect to your clients, but the subscribers receiving your marketing material will be dramatically more interested, engaged, and likely to convert on average, and that’s a win for everyone.
Additionally, because of the EU’s relatively strong stance on the issue of email privacy, by adopting the GDPR guidelines, you will almost certainly ensure that your company’s practices will be compatible with other, generally more lax standards on the international scene: futureproofing your policies and structures and ensuring smooth sailing through your continued growth and the ongoing changes in the legal realm of data privacy.
The General Data Protection Regulation brings with it massive change to the online marketing sphere, but with the right tools and the right knowledge, these changes can be turned to your advantage, and give you the opportunity to set your company above the pack when it comes to marketing that is smart, socially conscious and targeted to those most eager to hear what you have to offer.
Have a million other things to do and need some help making sure your database and email list is compliant with the GDPR? Contact Blizzard Internet Marketing today to find out more about what we can offer to help you succeed on the web! Looking to learn more about the GDPR? Check out the EU’s FAQ.