What on earth is GDPR?

I listened to a GDPR webinar, so you don’t have to. Here’s what I learned

by Simon Bennison

If you’ve got a spare hour, watch or listen to the full version of the General Data Protection Regulation (GDPR) webinar by Sagittarius. Or you could save yourself the time (and effort) and read my notes.

What is GDPR?

  • GDPR is a set of regulations by the European Parliament which will give people more control of their data
  • It makes brands more accountable for what they do with other people’s data
  • Companies can be fined up to 4% of their global turnover for breaching GDPR conventions
  • The impact of GDPR reaches far beyond the world of marketing (in this webinar, an example given was HR staff storing people’s CVs)

What does it mean for agencies and their clients?

  • You must obtain consent to hold anyone’s data — however there is no need to obtain re-consent if you were clear as to why you needed the data in the first place
  • If, for example, you obtained consent to send a newsletter, that doesn’t in turn mean that you have permission to send them offers from partner companies
  • You should offer unbundled consent — this just means asking people separate questions about what they consent to (i.e. whether or not they agree to the terms and conditions, or are agreeing to receive marketing further info).
  • Be transparent and honest (duh) — tell people what data you are collecting, how and why you are doing it and how they can get themselves removed from it.
  • Companies doing this well include Waitrose, Age UK and Sainsbury’s, amongst others.
  • Right to erasure — people have the right to withdraw their consent and have their data removed from your database
  • This also means that you can ask companies to give you the data which they hold on you…which most companies can’t do because their data storage is not organised enough to meet the GDPR standards
  • Companies will need to assign a person accountable for their data who can respond if they’re reported for a personal data breach
  • You’ll need diagnosis tools to be able to pull together a history of what’s been done with the data
  • You must notify people if you’re using their data for automated profiling (e.g. using the data to predict personal preferences, behaviour or movements)
  • This could result in issues for re-marketing and personalisation marketing

What’s the opportunity?

  • A market for tools that help companies keep track of the data they hold and where it’s been used
  • A clear business case for getting your data in order
  • Improvements in people’s data security
  • Following this, the customer experience will only get better (through empathy) because marketers will need to comply and therefore develop a better understanding of their clientele
  • Jobs for data protection officers (either in-house or outsourced)
  • Bear in mind that you’ll need legal expertise to find out if you’re compliant with GDPR regulations
  • Companies will need to declare their compliance to people (as it’ll come to be expected) through contracts and policies on their websites

My Conclusion

This is not something that will just blow over, it will change the way companies treat personal information and give people back control over their data.

This is an area that’s ripe for disruption, too many companies have been treating people unfairly when it comes to using their data. GDPR, and the tools and services that emerge off the back of it, might just be the thing that gives people their privacy back.

Simon is Creative Director at Caliber, a former designer of toys, footwear and eyewear who’s now more into digital strategies. Find out more about Caliber, the Smart Organic Marketing agency.