GDPR - What does it all mean and why is it so important? • Peazie Digital CampaignsPeazie Digital Campaigns

GDPR. Those four letters that cause confusion. It may seem like it’s over and done with but, sorry folks, it’s not. It has changed the way data is and will be collected for good, and it’s staying. You should know, too, that even if you aren’t based in Europe, if you do any business with Europe at all, you need to comply.

Doing what we do (capturing and enriching consumer data) it’s a big part of our lives. So, we get it. Here’s a quick break down in case it’s still giving you a headache. Let’s strip it right back and do contact us if you need any more information – we’re always happy to chat!

What is GDPR?

Well, it stands for General Data Protection Regulation. It’s a regulation implemented last year (2018), put in place to strengthen and unify data protection for individuals within the European Union. It’s important to note, though, that this applies to anyone who is doing any business with the EU. So, pretty much everyone!

Why is GDPR now in place?

The reasons are twofold:

The previous data protection act (Data Protection Directive) was no longer fit for purposes as it was drafted pre-widespread internet use (1998). I know…life before internet…it’s a crazy thought
To give consumers more control over how their personal data is used

Ok, what classes as personal data then?

Name
Email
Home address
Gender
IP address
Income
ID numbers
Photos

Why should I care?

You could get fined up to 4% of annual turnover for breaches. Remember that huge case with Equifax where the personal information of 143 million consumers was compromised, and an additional 209,000 had their credit card data exposed? Well, they also failed to meet the 72-hour notification requirement of the GDPR when they made the breach public, which resulted in the fine being upgraded to the maximum penalty.
Potential reputation damage for your brand. Remember, a reputation takes a life time to build and a moment to lose.

So, are there any key points of the previous Data Protection Act that still stand?

Yes. There are. Everything still needs to be:

Fairly obtained
Captured for a specific purpose
Relevant to the purpose and not excessive
Accurate
Not kept longer than necessary
Appropriate measures taken against hacks (unauthorised or unlawful processing, accidental loss, destruction or damage)

OK, so, what’s changed?

GDPR has made many of these points more specific (particularly when it comes to data captured online) but the main new point to consider when it comes to marketing is CONSENT. Clear, active consent.

If you don’t have the right consent, your email marketing could breach GDPR.

Right. Consent. What exactly does that mean though?

Here’s a definition that might help:

“Consent must be an active, affirmative action by the data subject, rather than the passive acceptance.”

Or, more simply put – don’t make people feel like they’ve been tricked or misled.

What are some ways that I may have captured emails which doesn’t automatically mean I have consent to contact?

They’ve bought something from you in the past
They’re a member
You’ve bought an email list
They’ve previously entered a promotion or competition
Entered their email to sign up to wifi

What’s the best thing to do if I’m not sure my database has given me consent to contact?

You may need to delete your database if you’re unsure about the permissions captured to date
Re-seek permission – in a way that is absolutely GDPR compliant. You can just ask
Talk to us about our data health check solutions

Important to note: You must keep a record of how and when an individual gave consent, and that individual may withdraw their consent whenever they want.

But, I still want to build my database. What’s a good way to get people to give me their data going forward?

Value exchange, value exchange, value exchange! If you offer something your audience deems as great value, then consumers are often willing to opt-in to receive future information.

In fact; we’ve found they’re even willing to recruit in friends who also opt- into future communication. Just like a campaign we ran for Le Tan using our Buddy Builder mechanic. We captured:

1,800 highly qualified new leads
50% of entrants recruited a friend
54% conversion rate on the microsite
Zero media spend to acquire the new leads

How else can I convince people?

Well, be honest and relevant. Tell them why you want their information, and what you’ll be using it for. For example, if you want their birthday, tell them you’d like to send them a gift at that time each year.

When you’re trying to get someone to give their data, it’s going to be a hell of a lot easier to do if you convince them what you are going to send them is relevant so, make sure you’re strategic with your communications – think a carefully planned EDM campaign to welcome them onboard. Give them the information they will find useful.

So, as a data capture company, you must have it down pat! What have you done to make sure the campaigns you run are compliant?

Well, there are a few things we have put in place to make sure we are adhering to the new legislation:

We capture the data with explicit consent so it adheres to the GDPR rules
It is fairly obtained
It is fit for purpose
We updated our privacy policy so it’s fully compliant
All data captured by our platform are hosted locally, with the highest level of recognised security measures in place

We data, differently by capturing and enriching consumer data via exciting digital campaigns. Get in touch today to find out how we can help you.