GDPR and the ePrivacy Directive: catalysts for a better class of conversation?

Behaviour, not just technology

Even if a business’s technology ticks every box, that won’t prevent a breach of the new rules. One individual copies a few email addresses into a spreadsheet and sends them to someone outside the business. They haven’t asked each individual email address owner for consent. Result? The business is in breach of the rules.

As marketers work with many different external agencies, it’s very easy to see scenarios like these arising every day. Another example is data mining on social media. For example, looking for consumer insights on Twitter through user data (which is personally identifiable information) without express permission would also result in non-compliance. Or what about taking cookie data from a site and matching that with email data to create customer profiles? If you don’t have the proper rights and permissions in place, you’re in breach.

Think different

So how do marketers need to start thinking and therefore behaving differently to avoid running into problems? One of the key elements of the GDPR is what it describes as ‘privacy by design’. That’s a vital concept. It asks you to ensure that at every point at which you touch data you keep each individuals’ data private and assure yourself that you have the right to use it.

Privacy by design prompts different questions that will lead to new ways of thinking and behaving. For example, can you send data to an agency? Do you need to anonymise it? How will the agency use it? Answering these is not about technical fixes – they require a change in behaviour.

ePrivacy Directive – prompting more valuable conversations?

So marketers have a clear role to play in helping their business meet the demands of the GDPR. But there’s another set of new rules for which they will have a much more direct responsibility. That’s the ePrivacy Directive, which comes into force at the same time as the GDPR and carries similarly hefty penalties for a breach. While GDPR puts in place a comprehensive framework for handling data and the associated rights of every individual, the ePrivacy Directive dictates how marketers can actually use personal data.

For example, the new rules make the opt-in to receive marketing communications much tighter than in the past. If, for example, you’ve previously collected data with a pre-ticked box implying tacit consent, you will now need to go back and ask every individual to proactively confirm their permission.

From reach to relevance

Of course, that’s a challenge. But there’s also a big opportunity here to gain trust and transparency by becoming much more relevant. After all, who doesn’t want to receive information that’s personally meaningful and useful? The new ePrivacy regulations should force a rethink away from using large-scale but imprecise ‘reach and frequency’ communication models and prompt a move instead to more targeted and focused campaigns. If you have consumers’ express permission to engage them in a conversation, they clearly want and expect to hear from you. That opens the door to more valuable relationships.

It also implies a reconfiguration of traditional power within marketing teams. Today’s hierarchies are largely determined by budget size. But with smaller, more targeted campaigns costing less, what you can achieve with the budget becomes the more important measure of success.

Taken together the GDPR and ePrivacy regulations do create some big challenges for marketers. But the they also present a potential catalyst for building deeper and stronger trusted communication with consumers. In other words: better relationships, at lower cost that generate more value. What’s not to like?

Russell Marsh is a managing director at Accenture Digital