Change is on the horizon. This time next year, things will be very different. The new General Data Protection Regulation (GDPR) will be fully enforced across Europe by May 2018.
Designed to tighten the collection, use and retention of consumer data across the EU, no sector and no brand will escape its reach. Whether you’re a hot new financial services challenger or a firmly established global FMCG giant, handle these new rules badly, or even ignore them, and it could spell disaster.
I’m not trying to frighten you here. The threats are very real. Incorrect or misuse of data will be costly to say the least, with a maximum potential fine of 20m euros or 4% of global turnover for breaching consent.
Brexit won’t help you either. Even after the UK leaves the EU, we’ll still need to mirror the regulations to trade robustly across EU and EEA borders. For non-EEA countries, data transfer will require contractual conformation of adherence to GDPR. While dealing with the USA means adhering to Privacy Shield. This framework for complying with data protection came into force after the European Court of Justice ruled that the ‘safe harbor’ agreement is no longer valid.
Back on home soil, you need to heed the Information Commissioners Office, the independent body set up to protect public data privacy. They’re hot on compliance and the numbers of fines being handed out to data abusers is rising. Even the police aren’t exempt. The Greater Manchester force was recently fined £150,000 after three DVDs containing footage of interviews with victims of violent or sexual crimes got lost in the post.
OK, enough of the storm clouds. What’s the opportunity? For marketers, it’s a chance to build trust. Consent is the key. Each opt-in to marketing communication must be verified, unambiguous and recorded for reference as long as the data is kept. Keep in mind that consumers will have the right to withdraw consent at any point and that withdrawal must be adhered to. Hence the need to appoint a data protection officer to ensure compliance.
But once you’ve go that consent, make it work for you. Use it to show you better understand your consumers. Use it to serve them with more relevant information. To make them more engaged. To build their trust. The end game, as ever, is greater retention rates and increased ROI.
It’s encouraging to see this approach already paying off. Having cleansed their data by running opt-in only campaigns, the RNLI claims to have achieved three times the normal returns.
As the RNLI example shows, smarter brands are making the new rules work for them. The cold, hard truth is that there’s really only one way to see GDPR. An opportunity to show you better understand your audience and can keep them engaged with more relevant communications. The alternative simply isn’t an option. With just 12 months to go, it’s time to get ready.