What Marketers Need to Know About the GDPR On May 25, 2018, the European Union will officially be...
In many ways, 2018 has been the year of data privacy. Data breaches at Facebook, Google, LinkedIn, and elsewhere have dominated the news. It’s no surprise that protecting sensitive data is on the minds of consumers, businesses, and lawmakers alike.
On the legal side, the European Union enacted the Global Data Protection Regulation, or GDPR, on May 25th 2018. These enhanced privacy requirements have impacted any company that deals with the data of European citizens, and compliance can be time-consuming and costly for many companies. The U.S. has even been influenced by the GDPR — similar data privacy legislation has been enacted in California.
High-profile data breaches are also forcing businesses to examine their data privacy practices. Recent events like this one (where Google exposed the private data of hundreds of thousands of users on their Google+ network, then decided not to disclose the issue) have highlighted an important question in the marketing world:
How can my company smartly deploy digital programs that balance marketing efficacy against personal privacy?
It’s a question we’ve had to answer here at Parallel Path, and it’s on the minds of our clients, too. If you’re looking to strike the perfect balance, keep reading to learn about conducting data audits, vetting third parties, maintaining transparency with consumers, and other important considerations.
Weaving data privacy into the fabric of digital marketing programs
Today’s marketing landscape is all about data. We rely on it to provide relevant messaging to consumers, deliver quantifiable business value, and so much more. In light of recent data breaches and malpractices, protecting personal data is also paramount, and here are some of the steps you can take to beef up data protection.
Do a data audit
First, you need to understand what personal data your company holds and processes, including where it came from, how it was obtained, and who it was shared with. This quote from Rob Perry, Vice President of Product Marketing at ASG Technologies, offers a helpful summary of why data audits are so vital:
“To prepare for stricter data privacy laws, marketers should first determine what data they have and how it’s being used. Both GDPR and the California Consumer Privacy Act of 2018 require organizations to obtain consent from individuals to collect and use their data, and then disclose how their organizations will use that data. Of course, to do this, marketers must know what sort of information they currently have.”
Review, and potentially edit, privacy communications
If your website collects visitor data, privacy notices should be updated. You’ve likely seen footers about privacy policies and terms & conditions on numerous websites recently, with requests to review and accept the policies. These are designed to obtain and record consent.
Post-GDPR, Parallel Path reviewed its own privacy notices — if you haven’t reviewed and accepted the terms, navigate to the homepage to see the notice.
Create a data privacy compliance plan
To protect data rights, implement internal procedures that address things like how personal data will be deleted and how requests for records of personal data will be handled.
A compliance plan should also document the legal basis for processing personal data. If your company will be handling the data of EU citizens, a compliance plan is imperative to avoid a potentially costly fine.
Vet all third parties that handle sensitive data
Most data breaches happen as a result of third-party practices. In fact, they’re the most expensive incidents for businesses of all sizes. Point-of-sale systems, chat and customer service tools, servers, and many other systems can be vulnerable to hackers.
Simply put, these services represent an easy way for cyber attackers to gain access to troves of personal data. Your responsibility to protect data doesn’t end with your own network, and it pays to review the security practices of any third-party vendor that’s engaged.
Above all else, aim to be as transparent as possible
The guidelines suggested in this post might seem daunting, but each suggestion represents a dedication to data transparency. If your goal is to build relevant relationships on a foundation of trust, you must be transparent about what data you’re collecting, why it’s being collected, and how it will be used.
Digital marketing shouldn’t be secretive or confusing. It should be used to deliver value, and transparency around data privacy practices is a win-win for consumers and marketers alike.