Breaking Down GDPR in the New Digital Age
Over the past two decades, debates have raged on about internet culture, the economic value of data in light of privacy as a fundamental human right, and the government’s role in moderating the online space. In the physical economy, processes and safeguards were built and enhanced over multiple years to ensure the protection of consumers. Still, for obvious reasons, the digital economy proved a bit trickier.
Then, on the 14th of April 2016, the EU announced that it had adopted regulations to protect consumers’ data and their privacy. On the 25th of May, 2018, the legislation came into force in all countries in the EU and the EEA. 6 years on, it has led a wave of data protectionism that has laid the foundation for similar legislation in other regions of the world, including Japan, Argentina, and South Korea, among many others.
In this blog, we explore the GDPR: what it is, its most likely implications for digital marketing, and how marketers can refine their strategy based on these implications to solve problems and unlock new opportunities.
What does the GDPR stand for?
The General Data Protection Regulation (GDPR) is a binding piece of legislation that prescribes clear guidelines for how user data is collected, stored, and used by organisations. It is the European Union’s primary policy on digital privacy, and has served as a model for many other countries seeking to protect consumers within the digital economy.
What are the principles of GDPR?
Like most other pieces of legislation, the GDPR is a robust document. It consists of 11 chapters, 99 articles, and 173 recitals, all in 269 pages of boring legal speak, which, quite understandably, can be a hassle to read. In this section, we break it all down into 7 simple pillars.
Lawfulness, fairness and transparent processing
This requirement sets the standards for the processing of all consumer data. Processing must be lawful and fair, which means data must be collected in strict accordance with GDPR regulations. Processing must also be transparent: companies are required to inform customers about how their data is processed, and why.
For almost as long as the digital economy has existed, questions have been asked about how much user data is actually collected by digital companies, and how these datasets are stored. And with data breaches occurring more often, consumers have become rightly concerned.
The infamous Cambridge Analytica scandal showed just how seemingly harmless data could be weaponised. To avoid the potential misuse or malicious use of data, this pillar of the GDPR regulations requires that companies limit the use of consumer data only to purposes for which they’ve informed the customers. It also requires that only the specific data sets required for that purpose are collected, and that they are deleted once this purpose is fulfilled.
Rights of Data subjects
Besides the general restrictions imposed on how data can be collected, used, and stored, the GDPR regulations further grant data subjects rights to control their data. There are 8 fundamental rights granted to customers in this section.
- Right to request information from the company.
- Right to access own data.
- Right to rectification of personal data.
- Right to withdraw consent.
- Right to object to the processing of personal data.
- Right to object to automated processing.
- Right to erasure of personal data.
- Right to request the transfer of personal data.
The law requires that companies obtain explicit consent before they collect and process data. Also, if the collected data is to be used for purposes different from those it was collected for, fresh consent must be sought from the data subjects.
Breaches of Personal data
When breaches occur, the regulation mandates companies to log them in a Data Breach Register and then, if relevant, inform both the regulators and data subjects within 72 hours, so that both parties can take appropriate action before the breach does much damage. Relevance is determined by whether there is a risk to the rights and freedoms of free people, meaning the processing may give rise to:
- Identity theft or fraud
- Financial loss
- Damage to the reputation
- Loss of confidentiality of personal data protected by professional secrecy
- Any other significant economic or social disadvantage
Data protection officer
The law mandates companies that deal with significant amounts of consumer data to appoint Data Protection Officers, whose job is to enforce compliance with the GDPR, just as companies in the physical economy have lawyer-led compliance departments to ensure adherence to industry regulations.
Continuous staff training and awareness
Finally, companies are mandated to train their staff on the GDPR, to ensure that everyone is fully informed about the legislation and how to act in accordance with it.
How the GDPR affects digital marketers
For businesses in the digital marketing space, the implementation of the GDPR was a watershed moment that has changed how business is conducted forever.
It doesn’t matter whether your company is registered in Tuvalu or somewhere far away in Africa, the law mandates that you observe its requirements in your relations with European members of your audience. So, how does the GDPR regulation affect digital marketers?
A reduced online audience
A major drawback of the regulation for digital marketers is that consent must now be explicitly obtained from consumers before you can track, collect or use their data in any form. Naturally, this leads to a significant reduction in the size of online audiences.
Mandatory increased investment in data protection
Before, the norm was to store consumer information in the cloud, thanks to the relatively unlimited storage choices provided by cloud service providers. Under this law, however, companies are mandated to invest more in data protection, including employing Data Protection Officers and training and retraining existing staff. Beyond that, companies are required to incorporate mechanisms to ensure “privacy by design”.
Email list restrictions
Since the law now requires that consent be obtained for every single purpose, it is no longer possible to buy email lists or to simply transfer them for other purposes. Users must explicitly opt in to receive emails, and users who opt out must be deleted.
Automation is hobbled
Automation has become something of a bedrock of modern digital marketing. With multiple data points on every data subject, companies can automatically generate advertising content to target and elicit the best possible returns on advertising investment.
But with the GDPR limiting how much data can be collected and what can be done with it, the data pool available to automation software will be limited.
How to overcome B2B marketing challenges posed by the GDPR
The restrictions imposed by the GDPR obviously bring serious B2B marketing challenges. But digital marketers cannot simply throw in the towel and close shop. Rather, they can get back on track with a GDPR-optimised tech stack and the right set of resources.
While the consent restrictions and the reduced email lists might mean companies find themselves marketing to much smaller audiences, it is not all grim. While, of course, numbers are a good thing to have, quality pulls more converting power than quantity.
Leads who have consented to have their data tracked are more likely to convert than those who haven’t. Likewise, rather than a saturated subscriber list with low open and click-through rates, a post-GDPR email list would likely have subscribers who are more receptive to sales efforts. Companies have to make the best use of this opportunity by further fine-tuning their marketing strategy.
Another thing just as important as the size of your audience is the software you use to manage it. Already, there have been over 1,000 fines, with the highest yet being €746 million awarded against Amazon by Luxembourg. It’s safe to say that a sizable chunk of these violations was not deliberate, but rather due to systems and a tech stack not yet optimised for the GDPR regime.
This is why it remains crucial for digital marketers to immediately examine their options and find marketing solutions providers that can best handle these regulations. APSIS One, for one, has perfected data security and streamlining marketing processes in accordance with regulations, helping our clients avoid steep GDPR fines.
Get back on track with APSIS One.
The GDPR — while opening exciting new frontiers in user privacy and data control online — has severely changed how digital marketers operate. But all is not lost; with the right resources, digital marketers can yield even higher ROI on their marketing spend in this regime.
Our email marketing handbook is a well-rounded guide, containing other important tips for marketers aside from GDPR compliance. At APSIS One, we have accumulated years of experience in the provision of marketing solutions to our teeming clientele, especially in the email marketing department. Book a free demo today to join in the experience.