There’s been a lot of chatter about GDPR recently and how it will have a big impact on marketers, in particular, those doing business within the EU, and those companies outside the EU marketing to EU citizens. We've seen a lot of confusion in the North American market so let's run through all the GDPR basics to get you up to speed.
For reference, we first blogged about GDPR back in September 2017 - New Rules For Collecting Inbound Leads And Data From EU Citizens. GDPR stands for General Data Protection Regulation and it’s being brought in by the EU to replace the UK Data Protection Act of 1998.
GDPR is being introduced for two key reasons. Firstly, to update an older law which was created before a massive increase in the usage of Internet and cloud services. Secondly, GDPR is designed to give the EU an identical set of laws for every member state.
Originally, the law actually came into force on 24/05/2016, but businesses were given a two-year period to comply (until 25/05/2018). It will affect both businesses (controllers of data) and IT processors (such as software companies).
GDPR will apply to all parties, even those outside of the EU if they deal with EU residents’ data.
As a business (a controller of data) you need to make sure personal data is used for a specific purpose and handled lawfully and transparently. Once the specific purpose is carried out and the data is no longer needed, it's a requirement that the data is deleted, and therefore a process needs to be in place to delete 100% of the data trail.
“Lawful” is the key word here, and it has a range of alternative meanings. You must ensure one of these applies: the person has given their consent for the data to be processed, or you must comply with a contract or legal obligation.
As marketers, the consent issue will be the big change here. We need to put a process in place to ensure people are giving an active and affirmative confirmation.
This active consent requirement means that passive acceptance, such as pre-ticked boxes or asking people to opt out after the fact, is no longer allowed. We also need to keep a record of how they gave consent and allow them to withdraw that consent at any point if they request it.
Any data which was included in the original EU Data Protection Act is included and the scope has been expanded further. One noticeable change for inbound marketers is that IP addresses and online identifiers are included.
So the data we need to look at are common marketing form fields such as those below:
It’s also worth noting that this applies to both B2B and B2C data.
The penalties are much more severe; if you fail to follow the basic principles, such as gaining consent, you could be fined up to €20m or 4% of global turnover, whichever is greater.
You will also be penalized if you do not report any data breaches within 72 hours. Previously companies have not reported issues and hoped no-one would find out. GDPR intends to eradicate this lack of transparent business practice.
"If your business is outside the EU, and you actively do business with EU citizens either in a B2B or B2C capacity, you will likely have individuals filling out your online forms and providing you with their personal data, so you will still have to comply fully with GDPR."
If you are practicing Inbound Marketing you're most likely in good hands, as you're already on the right side of this law, as opposed to those practicing outbound marketing, who are going to need to seriously review their EU data acquisition strategy. With inbound marketing, all you need to do is review a few tactics.
To make sure you are fully compliant with GDPR, these are some of the areas you need to look at:
Want to learn a bit more from the source? I recommend reading the official documentation (https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/) and asking others in your marketing team, IT teams, and management to do the same.
Looking for a technology which can handle your GDPR compliance needs and make it easy? The HubSpot Marketing Platform and the HubSpot CRM are perfect software tools to use. HubSpot are making substantial changes to their product to help you comply with the regulations. Check out the HubSpot GDPR playbook or watch this quick-hit two-minute HubSpot video.
THE BRIT AGENCY is a B2B Digital Marketing Agency providing Inbound Marketing, Inbound Website Design, and Inbound Sales services to companies around the world. We're focused on growing website traffic, qualified leads and sales, using the Inbound lead generation and marketing automation process.
THE BRIT AGENCY is a Certified Platinum Tier HubSpot Partner, a HubSpot CMS and GDD certified Inbound Website Design Agency, a HubSpot Certified Trainer, a Shopify eCommerce Partner, and a certified "Google Badged Agency Partner". We have offices in Toronto and Barrie, Canada ... and Salisbury, UK.