Does it affect you? Heath Barlow explains Europe’s GDPR and what it means for Australian marketers with operations in Europe.

The General Data Protection Regulation (GDPR) is a new data protection law coming into effect on 25 May. It was created to protect EU citizens from privacy and data breaches but it will impact organisations far and wide if they have an establishment in the EU – Australian businesses included.

There has been a lot of scaremongering about this legislation. But the reality is, GDPR is nothing more than a way to help consumers reclaim their data. For brands, and more specifically marketers, GDPR will change the way we communicate with clients, and how we handle data. 

The state of data in marketing today

As marketers, we don’t own customer data – we borrow it. Customers lend it to us with the trust and expectation that we will use it to provide them with personalised and relevant content that delights them to the point of purchase. The challenge however, is that too many brands are exploiting customer data; selling email lists; opting customers in for dozens of email communications; and not providing safeguards for consumers to opt out or be forgotten.

 Ultimately, GDPR is meant to protect consumers and allow them to have a say in how their data is used. It will reduce the risk of personal information being exploited or misused by limiting the amount of data that may be collected by companies, the way it can be used, and the amount of time that it can be stored.

The impact of GDPR on marketers

With added regulations coming into play, Australian marketers can expect a lot to change in the way they are acquiring, handling, and using EU data. Here’s what marketers should be aware of and how they can prepare for the upcoming changes. 

1. Collecting data: for starters, the way marketers collect data will shift. Currently, marketing can rely on a pre-checked box to collect consent for marketing communication. But under the GDPR, that will no longer be an acceptable way to collect data. As the GDPR requires that consent is ‘freely given, specific, informed, and unambiguous,’ marketers must now be more deliberate in the way they are opting consumers in.
2. Consent requirements: clear consent is a more stringent requirement under the new GDPR. Marketers will not be able to hide consent for data processing with generic statements like ‘we may process your personal data to improve our services.’ For consent to be considered valid under the new regulations, marketers will need to clearly indicate what personal data will be processed; how, when and who will process it; and for what purpose.
3. Breaking down valid consent: GDPR applies to all new and existing data. If requested, users will be required to prove that they have consent to use personal data. For marketers this means being able to provide an accurate and up-to-date breakdown of new, current, lapsed, active, and inactive customers and email subscribers. Marketers must be mindful of how long their relationship could be considered valid. In addition, they must be prepared to prove consent among the aforementioned groups whose data they want to hold on to.
4. Proving consent: under GDPR, marketers must prove consent before sending any communications to contacts. Consent applies to all data collection practices including offline methods such as mail and telephone. When collecting data and consent, marketers must ensure they capture and store the date and time of consent, method of consent and a referential copy of the sign-up form, including its wording.
5. Privacy policy: as previously mentioned, GDPR will require greater transparency from marketers around consent. They will have to ensure that the individual is giving you ‘informed consent’ and that those individuals understand who they are giving consent to and why their data is being processed.
6. Marketing to an existing database: before sending any marketing communication to an existing database, marketers will need to make sure that all that data is compliant with GDPR. This includes checking that there are existing consent records that prove marketing had permission to send communication to each individual contact. This permission needs to be explicit across each channel, not just email.

GDPR is serious business. Organisations will face fines of more than AU$30 Million, or 4% of their annual global revenue, for non-compliance. However, it’s not all doom and gloom. The GDPR is an evolution in data protection and is meant to put consumers back in control of their data. Companies already obeying existing data protection laws, are most likely well on their way to compliance.

 The most important thing for Australian marketers to action in light of GDPR is to take the time to educate themselves about what it is, and what its implications are for their own operations. Working closely with many Australian businesses on the management and use of their data, it is clear that many businesses are still not aware of the legislation. While it will largely only impact Australian businesses operating in the EU, being aware of whether it impacts your business and ensuring that your marketing activities and the way you communicate with customers align with its requirements is critical. 

For marketing specifically, GDPR is another opportunity for optimisation. In countries with strict data protection laws already in place, we often see better results from marketing efforts. That’s largely due to the fact that marketers are using good quality data where the individuals have been well informed about the use of their data. Those that embrace the GDPR legislation in Australia will be in the same boat; experiencing increased engagement and results this year.

Heath Barlow is market lead for Australia at Emarsys.

Image copyright: antartis / 123RF Stock Photo