GDPR Consent Must Be Given, Not Assumed

The new marketing paradigm has finally arrived at a new inflection point with the new General Data Protection Regulation (GDPR) which replaces the EU Data Protection Directive of 1995. And, thanks to the emergence of new marketing technology stack that empowers CRM systems to monitor, and store safely the abundance of third-party data. But, now marketers wonder about the implications of GDPR for marketing, and the way they do business.

The new Data Protection Regulation is a blessing for marketers. In fact, the EU regulation, which goes into effect in May 28, might actually be the regulation that all marketers wanted. It provides guidance to even better serve consumers when they want and where they want it. The GDPR regulation provides total TRANSPARECY and empowers consumers.

Now, marketers do not have to constantly worry about their communication becoming too intrusive, because the GDPR provides a mechanism for consumer to decide how they want to interact with the brand on their terms. And, new empowered-consumers who choose to OPT-IN and receive customized messages should be highly engaged and loyal with the brands they select. In fact, the GDPR basically requires companies to adhere to the same best practices that ethical marketers have been following for years. The GDPR regulation will only hurt business who do not respect the privacy of their audience.

CRM systems, marketing and advertising practices are built to collect and process big data. But, now a permission mechanism has to be put in place across all channels to ensure that consumers OPT-IN to receive communication on their terms. Mass-communication worked well in the past, but today custom-communication has become so popular and granular when engaging with consumers across multiple channels or devices, that people decide how a brand would interact with them based on their own preferences. Unsubscribing from emails is no longer enough. Rules have to be re-enforced across all channels of communication.

The Data Protection Act is underpinned by nine important principles. These say that personal data collected in the European Economic Area (EEA) must:

1. Be processed fairly and lawfully.
2. Be obtained only for specific, lawful purposes.
3. Repermissioning your customer database.
4. Be adequate, relevant and not excessive.
5. Be accurate and kept up to date.
6. Not be held for any longer than necessary.
7. Be processed in accordance with the rights of data subjects.
8. Be protected in appropriate ways.
9. Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection.

First and foremost, are your pre-existing consents compliant with GDPR? If not, you cannot repermission across consent. In addition, you can only repermission those customers who have previously given their consent. Sending a repermission email to individuals who have opt-out is already a breach of existing rules. Under current laws you can approach B2B and B2C customers and prospects for consent as long as they have not previously opted out.

Then, if a company has already collected personal data records without adequate consent to satisfy what we expect to see from the changing data protection law requirements, you can remove completely customers whose consent you cannot demonstrate from your customer database. Or, another alternative is to implement a “repermissioning” strategy” and ask your current customers to update their marketing preferences in terms of communication.

In terms of ensuring GDPR compliance, establishing a mechanism that gives consumers a way to submit their preferences in terms of communication, and support requests for deletion is the easy part. Marketers must implement this functionality. But, the more complex issue consists of identifying the process required to ensure that consumers’ requests are honored. If the information about a customer is partial, or incorrect, this can make a delete request impossible. In such situations, you could fail to satisfy the consumer’s request.

The best way to ensure quality data is to use a compliant CRM system that integrates customer data platform, which automatically cleanse and deduplicate any new record coming in the system. The CRM system should be the central point of consumers information, making it easier for the company and marketers to access it and delete any record on-demand. So, it is key to eliminate siloed systems out of the hands of the marketer and puts it into a technology designed to create a single source of customer view. This gives marketers what they need to do their job right.

The GDPR brings the rigor that marketers have always wanted. There is no need to change marketing practices. But, GDPR compliance is an important step toward the right direction. Brands especially the ones acting on the B2C market should put together a cross-functional team of legal, marketing and technology experts to cover all aspects of the project to comply with the GDPR. That’s being said, the new law needs to be interpreted within the context of how a business operates. By doing this you will determine which risks are acceptable and which are unacceptable.

The GDPR will benefit your brand-consumer’s relationships, and it will help marketers more effectively advertise in the new business ecosystem because they will be reaching audiences that want to interact with their brands. If marketers communicate clearly about their brands and product, and if they use the right CRM system to gather and centralize data and collect consumers’ permission to communicate with them on their terms they will definitely succeed. Marketers may find opportunities to improve the way they operate marketing activities, and get a TRUE competitive advantage.

Also, here is the privacy policy I wrote to comply with EU Data Protection Directive of 2018. And, if you need more information submit your request or contact us at info@franckardourel.com, and we will get back to you.