The recent Cambridge Analytica episode, involving data mining, data brokerage and strategic communication to users, has raised an alarm everywhere. Today, the big question is: if a tech giant like Facebook can be tricked by Cambridge Analytica, what can other hackers do with the personal information of millions of users? Hence, consumer data in any context is a major concern.
The European Union has taken a strict initiative against this and enforced a new set of rules, GDPR (General Data Protection Regulation), on 25th May 2018. These rules promise to give users in Europe and beyond more authority over how their personal information is used online.
GDPR will significantly change the way data is handled as far as marketing is concerned. When storing marketing databases, companies will have to follow a set of rules compliant with these standards.
What is GDPR?
GDPR (General Data Protection Regulation) supersedes the former law, the Data Protection Directive. GDPR is primarily aimed at giving citizens complete control over how their personal information is used and stored by businesses. It simplifies the regulatory environment and also covers the export of data outside the EU. It ensures more transparent rules for data collection and sales, and gives users a number of rights with regard to the processing and usage of their personally identifiable information (PII).
Replacing privacy guidelines that were not updated since 1995, GDPR will keep a strict check on companies and prevent the use of vague, unfair and confusing language to get users to agree to whatever the companies wish.
There are some significant changes in the set of rules to avoid data breaches:
Privacy Policies
Just being aware of the GDPR rules will not serve the purpose. If you are a company that collects, analyses, stores or uses the data of any citizen of the European Union, then you need to update your Privacy Policy before 25th of May. In case you have not been able to do so, the following questions can guide you on how to write a GDPR-compliant privacy statement. According to the new standards, you should write a transparent, concise privacy policy in plain language comprising the following:
Google Analytics and GDPR
Google Analytics is broadly used by marketing agencies to generate better business results. Heading towards the data protection wave, Google Analytics has implemented some revolutionary changes to become compliant with GDPR standards. It has added a new feature called “Data Retention Control”, with which user data is automatically deleted after 26 months under the default settings.
If you are the admin of a GA account, you have the option to retain data for 14 months, 26 months, 38 months, 50 months, or "Do not automatically expire". In this case, do not send any personally identifiable information (PII) to Google Analytics. IP addresses, which formerly were not considered PII, are now classified as online identifiers under GDPR standards. You can still get insights into the visitors on your site by turning on IP anonymization.
Google Adwords
As per GDPR, advertisers using Google Adwords will now have to take extra steps to obtain the user’s consent. The user's permission will be needed for the use of cookies when collecting and sharing personal data for personalized ads. Where the information is used legally, the data processor should conspicuously identify the party which uses the user’s data. If a person doesn’t sign up for sharing personal information, Google Adwords should serve them non-personalized ads.
Email Marketing
As GDPR has been enforced on 25th May, one of the major areas of change in the marketing industry is Email Marketing. GDPR has raised the bar to a higher standard of consent for subscribers.
Under GDPR, email consent needs to be separate. Never bundle consent with your terms and conditions, privacy notices, or any of your services, unless email consent is necessary to complete that service.
To comply with GDPR, you should not send subscription emails to contacts in EU countries if you are sceptical about the email addresses and how they opted in. Make sure you segregate them into different lists and send a new email asking them to confirm that they would like to continue receiving messages from you.
As a digital marketing agency, you should follow and implement these practices for GDPR compliance:
As a marketing agency, our advice is always to be as transparent as possible with consumer data to build more relevant, valued relationships with our customers and consumers.
Although the implementation of the GDPR is likely to cause some businesses more difficulty than others (such as enterprise firms that offer “big data” products), it’s important to remember that this legislation is being introduced to protect users’ rights in a time at which almost every conceivable aspect of our lives is stored online – and is highly vulnerable to exposure and exploitation.