GDPR and its impact on Digital Marketing
Ashish Reddy
Product Strategy & Ops @ Highradius | IIM A '23 | ex-Tredence | NIT Kurukshetra '19
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for collecting and processing personal information by companies from individuals who live outside the European Union (EU). The regulations became effective in 2018.
They aim to give users more control over their data and to make companies accountable for how they handle that information. The GDPR applies to any website/platform that attracts European visitors, irrespective of its domain of operations.
What is personal data according to GDPR?
Personal data is any information related to an individual who can be directly or indirectly identified. Names, email addresses, location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. Pseudonymous data can also fall under the definition if it's relatively easy to ID someone from it.
The regulations are based on seven legal principles:
1. Lawfulness, fairness, and transparency — Processing must be lawful, fair, and transparent to the data subject.
2. Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
3. Data minimization — You should collect and process only as much data as necessary for specified purposes.
4. Accuracy — You must keep personal data accurate and up to date.
5. Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.
6. Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g., by using encryption).
7. Accountability — The data controller is responsible for demonstrating GDPR compliance with these principles.
An overview of the impact of these regulations on various stakeholders will help us understand it better:
Impact on users:
The regulations provide users with a set of rights that give them significantly more control over their data and the ways it is used. These rights can be broadly classified as follows:
1. The right to be informed: Users have the right to know what type of data is being collected, why it is needed, the legal basis for it, how it will be used, and with whom it will be shared.
2. The right of access: Users have the right to access their data within a company and know about any kind of misuse or data leaks.
3. The right to rectification: Users can ask to correct their data if they believe their data in a system is incorrect.
4. The right to erasure: Users can request to erase their data from a system. Companies have to provide appropriate means and comply with these requests.
5. The right to restrict processing: Users can request to stop processing their data for marketing or other communication.
6. The right to data portability: Users have the right to move all of their data from one system to another.
7. Rights concerning automated decision-making and profiling.
These rights empower users to control what type of data is used and how it is used. Users can opt out of a system or a specific process and even completely erase their data from it.
How does it impact marketers:
GDPR places massive obligations on marketers in terms of collecting & using user data. There are three key aspects of GDPR that impact marketers:
1. Establishing the legal basis for processing
2. Getting user consent
3. Facility for users to opt-out
The law identifies six bases for processing user data:
1. Consent
2. Contract
3. Legal obligation
4. Vital interests
5. Public task
6. Legitimate interests
Out of these, digital marketers need to be concerned with Consent. Companies need to seek Consent for collecting data and for every form of data processing. The Consent has to be:
1. Granular
2. Affirmative
3. Freely given
Previously followed techniques, such as implied Consent for SMS and email marketing when customers place an order, or pre-checked checkboxes to gather Consent, will be in violation of the rules.
The law also requires companies to provide an easy opt-out option, under the rule that Consent needs to be given at all times of user engagement and not just at sign-up.
An example of taking Consent at a granular level can be:
The following aspects of digital marketing will see significant changes under GDPR:
Targeted ads:
Data targeting, including location targeting and geofencing, allows marketers to use data to deliver ads that are specifically tailored to customers' interests. For example, if we shop at a "Westside" store, the company can market its offers and sales using personal data. GDPR makes such activities increasingly difficult, as the data has to be collected and processed according to the regulation, with proper Consent.
Contextual advertising, which does not use any personal information, can be the way ahead for efficient marketing under GDPR guidelines.
The best way forward is to take user consent for not just emails but also for targeted ads based on activity and information.
Chatbots:
Chatbots are an increasingly popular tool for digital marketers, given that customers like them and they reduce cost by nearly 30%. Companies using chatbots for consumer interaction need to figure out the what and why of the data that will be collected through them.
Publishing the "Chatbot privacy policy" and getting user consent for it before any interaction can be the best way forward.
Affiliate marketing:
Even though no specific clause of GDPR targets affiliate marketing, the regulation includes all data processors and controllers. Companies need to treat any type of personal data the same way as they do for any other type of marketing. Companies need to get explicit Consent on collaborations for affiliate marketing.
Penalties:
Steep fines can be levied on companies that do not comply. The fines can go up to 20 million euros or 4% of annual global turnover. A few renowned companies have already been fined under this law.
British Airways: More than 200 million euros
Marriott Hotels: More than 100 million euros
Google Inc: 50 million euros
The key points that companies need to follow for them to be GDPR compliant are:
Management Consultant @ PwC India | IIM Ahmedabad | Strategy | Growth | Process Improvements
2 years ago: CFBR
Kearney | IIM Ahmedabad | Nomura | IIT Madras
2 years ago: Very impressed. Keep it going. Taking Saint Claire to places, I see!
P&G | XLRI Jamshedpur’23 | NIT Kurukshetra’19
2 years ago: Great article!!
Product Manager at Electronic Arts | IIMA | Prev: Analytics@HSBC, NITT
2 years ago: Good one! What's your opinion on what made countries in EU create stricter regulations than other parts of the world?