GDPR went into effect on May 25. With significant penalties for non-compliance, and the fact that any organisation that communicates with people in the EU will have to comply, there was a lot of discussion in the run-up to the enforcement deadline. There continues to be a lot of discussion well after. Many companies are still struggling to comply with the regulations and have questions about various aspects of compliance. What are the regulations? What do we do if our company is not ready for GDPR? Does GDPR affect other departments aside from marketing? How do we build campaigns that help gain compliance?
ON24’s Insight50 Ask About: Regulation webinar addresses these questions and more. Webinar panelists Abigail Dubiniecki, senior lawyer and specialist at My Inhouse Lawyer, Richard Preece, Director at DA Resilience and Zach Thornton, External Affairs Manager at the DMA shared their knowledge and expertise to answer questions and discuss the various aspects of GDPR and what it means to companies.
Here are just six key takeaways from the webinar, moderated by Andrew Warren-Payne from Market2Marketers.
If your company is not 100% compliant with GDPR, you are not alone. Of the webinar attendees, 48% reported that ‘We are not fully compliant but are taking steps towards it’ when asked ‘Where is your company in terms of readiness for GDPR?’
On this note, one important question came from the audience: if your contacts have not opted in by the 25th May deadline, does it mean you can no longer contact them? According to Zach Thornton, if your company is already abiding by opt-in consent rules and you have a continual engagement or relationship with your customer, this implies continual consent, making renewal of consent unnecessary. He believes that companies going through this re-consenting process are wasting resources and might needlessly be keeping in touch with contacts that are consenting to receive marketing.
If you are feeling a bit behind on GDPR compliance, don’t panic. Abigail Dubiniecki, from My Inhouse Lawyer, advises not to panic and to think before you act. She has a Five-Step Procrastinator’s Checklist that can help you towards compliance.
- Know the law
Get on the ICO website and familiarise yourself with the following guidelines and tools:
- Know your data
Know what kind of data you have. This is important because, as Dubiniecki says, “You can’t do things properly if you don’t know what you have.”
- Know your legal justification and your purpose
Segment your database and identify what the legal justification is for having those contacts. You’ll want to know the following information about your contacts:
- Preference they have
- Purpose you are allowed to market to them
- Trim the fat
This is where you want to use your metrics. Find out how much engagement you have had with your contacts. From that point, you can purge those contacts that do not engage.
- Go forth and market, but do it appropriately and maintain good practices
Establish workflows and make sure you have a record of processing activities. Most importantly, make sure you train those people involved in these workflows and processing activities.
Many of the webinar participants polled (39%) are not sure whether GDPR would be good for business. However, the majority (54%) felt that GDPR would have a positive effect on business.
This positive outlook on GDPR’s effect on the state of business is refreshing and in line with the advice given by Zach Thornton. He suggests that companies make privacy a positive. Transparent, common-sense guidance allows companies to address customers’ concerns about their personal data and let customers know that they are in control of how your company uses their data. Privacy can now be a company’s unique selling point.
A good example of an organisation making privacy positive is the BBC, which uses a layered privacy approach. This method provides the most important information to the contact first at the top layer (for example, on a sign-up form); thereafter, each layer of additional information gets more detailed but still gives a clear explanation as to how that information will be used. This approach makes it easier to explain privacy information for the average person.
Not surprisingly, email is believed to be the marketing channel that has the greatest amount of risk in reference to GDPR. Webinars were seen as the lowest risk.
But while much talk has been on marketing practices and channels that will fall under the scrutiny of GDPR, what about sales activities?
As Zach Thornton explained, because GDPR applies to the processing of personal data that can be linked back to an individual, it does apply to sales activities such as cold calling, contacting prospects via social media such as LinkedIn as well as the use of email prospecting tools. It is important to note that GDPR also applies to human resources, IT and any other department that processes personal data.
So how can marketers design their campaigns to gain compliance? According to Abigail Dubiniecki, the answer is to design marketing campaigns that establish a reason for engagement and encourage the development of relationships. If marketing efforts, such as webinars, are created around the idea that people don’t want to miss out and the excitement of being part of something interesting, people will sign up so they can be notified of upcoming events. If you deliver value, compliance will follow.
The last takeaway from the webinar is one to keep in mind: compliance does not end; it is an endeavor. As Richard Preece explained, compliance is an ongoing process. It requires you to challenge the way you do things, to understand the risk and have a clear system in place. This system will allow for continuous improvements and adapt over time to the needs of your business.
If you want to know more, the ON24 Insight50 Ask About: Regulation is available now on-demand.