GDPR For Marketers: How the New Law Affects Personalization
GDPR helps increase transparency and trust. Here’s what you need to know to stay compliant
For online marketers, General Data Protection Regulation (GDPR) has been creating quite a stir.
This new EU law, which will go into effect on May 25, 2018, is designed to give individuals more control over their personal data.
It affects how companies gather and utilize information from their website visitors, prospects, and customers.
In short, marketers aren’t allowed to collect, store, or use the personal data of any European Union (EU) citizen without an explicit consent.
The key areas covered by GDPR include breach notifications, right to access, right to be forgotten, data portability, privacy by design, and the appointment of a data protection officer.
GDPR In the age of personalization
What does GDPR mean for marketers who use a data-driven approach and personalization technologies in their marketing strategies?
Here are a few critical GDPR concepts you need to know when collecting information and obtaining consent:
Legitimate interest
You don’t need permission to obtain or use personal data when there’s legitimate interest behind the request for the information. For example:
- When a visitor comes to your website and you need to present personalized offers so that you can market to them efficiently.
- When a shopper is making a purchase and is expected to provide relevant information to complete the transaction.
Permission required for everything else
You can only collect data without explicit consent for the “main action” that visitors are expected to accomplish by providing their information. For anything else, you need permission.
For example, when a customer makes a purchase on your website, you don’t need consent to get the information required to complete the transaction. However, you do need permission if you want to add them to your email list or obtain additional information to personalize marketing messages in the future.
Individual rights
GDPR covers several individual rights, including the right to access, the right to object, and the right to erase.
Under the right to object, individuals can request a company to permanently stop all permission-based marketing and personalized communications. Under the right to erase, individuals can ask to have all their data deleted and be treated as a new user whenever they visit your site. This implies, that on their next visit, they will not see any personalized content.
Make GDPR work for you
GDPR helps increase transparency, which will ultimately help you cultivate more trust with consumers.
Most consumers appreciate personalized content and they’re willing to provide their information to the business that they trust.
Becoming GDPR-compliant offers an opportunity to clean up your database and obtain the necessary re-permissions.
The process will help you better utilize the existing GDPR-compliant information to segment your audience, create highly targeted groups, and distribute personalized content.
Your liability increases as you collect more data. You should get clear on your personalization strategy and only ask for data that is necessary for effectively communicating with your customers and serving them better.
In addition, ensure that you’re storing the data in a secured centralized customer database so that you can manage the safety of your customer data while leveraging them effectively for your marketing initiatives.