The GDPR (General Data Protection Regulations) legislation, which will be enforced in the UK from May 2018, has been described by many as the biggest shake-up of data procedures in 20 years and this applies to all areas in which you obtain and use data in your business. There are lots of reasons why you should know more about this, including some eye-watering fines making this new legislation non-negotiable indeed.
Yet, as it covers the complex subject of data protection, GDPR is cumbersome and full of fairly ambiguous statements which mean that reading it makes for a poor pastime. However, you will be pleased to know that there are masses of commentary and easier to read Blogs online, which can help improve your understanding of the new legislation. As my business is affected hugely by this, I have spent a long time researching GDPR in order to understand the main changes and implications: so here are some Q&A’s to get you started:
Q: What is the point of this new legislation?
Since many technological advances have been made since the current Data Protection Act was written, it has become necessary to provide better protection to individuals in the light of the development of malpractice concerning big data. GDPR has therefore set out to ensure that the processing of data is done lawfully and fairly, and is collected for explicitly legitimate purposes, whilst making sure the data is adequate, accurate, and retained for only as long as necessary
Q: What areas will it affect in my business?
Marketing is only one area of your business that needs to be aligned to the regulation. The extent of work required to develop policy and processes as well as to ensure you have the right IT infrastructure in place to protect data flows throughout your organisation, needs careful consideration.
Q: How will it affect my marketing and lead generation activities?
It affects marketing in three critical areas:
- The consideration of opt-ins, opt-outs, and consent regarding communications. The GDPR mandates that consent must be ‘freely given, specific, informed, and unambiguous’, and articulated by a ‘clear affirmative action’. That means you can’t assume consent based on ‘inactivity’, and that a pre-ticked box isn’t going to cut it. Prospects and customers must agree that their data can be used and that they can be contacted.
- Individuals will have the right to be forgotten. The GDPR is designed to offer more control to individuals over how their data is collected and used – and this means giving them some means of accessing and removing their data. They can do this when there’s no legitimate reason to process their information, when they withdraw consent for it to be used on the original terms, and when it’s been unlawfully processed.
- The legal basis for processing personal data. Practically speaking, this will necessitate better housekeeping of the data you hold and less collecting data for unnecessary, or frivolous reasons.
I know it sounds like a major headache but this doesn’t have to be a bad thing. Collecting data indiscriminately doesn’t benefit your marketing results: it hinders them. Some 42% of B2B marketers believe that a lack of quality contact data is the single biggest barrier to lead generation. Making sure you are focusing on the right target markets and communicating well with them, is therefore a good thing and if the GDPR provides some incentive for that, then we should embrace it and make the most of it.