What is GDPR?
GDPR means General Data Protection Regulation. It is a unified law that protects the data and privacy of people within 28 European countries. This regulation aims to give individuals control over what happens to the personal data they share with companies. GDPR requires businesses to explicitly get people’s consent before they can do anything with people’s information.
4 Effects of GDPR to Marketing
Marketers Can No Longer Use People’s Data for Multiple Marketing Campaigns
With GDPR, consent is a very important thing. It must be acquired unambiguously and never assumed.
Users often give their data to be included only in a single marketing campaign. However, before GDPR was in place, some marketers enjoyed what has come to be known as assumed consent. They used user data obtained through one marketing campaign for other campaigns that the user never signed up for.
Now, under GDPR, companies can only use people’s data for the purpose that they have initially consented to. If an organization wants to use people’s information for a different purpose, new consent must be obtained.
This affects marketing at a very high level. For the past few years, it was the norm for companies to grow their databases and use the gathered data in any way they wanted to. Now, GDPR prevents organizations from marketing to people who did not explicitly ask to be part of certain marketing campaigns. The law aims to stop the unethical use of people’s data.
Buying, Selling and Sharing Databases are No Longer Allowed Unless Approved by Affected Individuals
Sharing people’s data to affiliates is not exactly morally correct but has been a common practice in the past. GDPR puts an end to that practice. The only way for businesses to still be able to gather and share people’s information is if they ask for permission. And we’re not talking about just any form of permission. Manipulative consent forms are no longer allowed. No more pre-checked opt-in boxes and lengthy agreements full of corporate jargon. Companies must use simple words and clearly labeled forms to get their message across.
This affects marketers in a big way. The end result is that companies can no longer buy email lists. They can no longer market to a huge audience using generalized email marketing. Outbound calling and snail-mail marketing are also off the table too, unless people give explicit consent.
International Marketing Will Also Be Affected
While GDPR is only in effect in European countries, it also affects companies from abroad. Websites that are accessible by people from the affected countries are also required to align themselves with GDPR’s principles.
A number of popular sites from the US have already adjusted to GDPR. Some have even totally blocked access completely from the affected countries until they are able to make themselves fully compliant. Some are also redirecting European users to different pages that have been customized to stay in line with GDPR policies – meaning no ads and limited functionality.
Marketing Will Be Extra Difficult as Power is Transferred to the Consumers
With consent being treated with such high importance, people now have a real ability to say no to companies. Now that businesses are already required to use layman’s terms to explain their data usage, more and more people are expected to decline. This will ultimately reduce the number of people businesses can reach, eventually leading to profit loss. Making things a little bit harder to manage, GDPR also allows people to withdraw the consent that they have previously given to companies at any time.
Consequences of Non-compliance to GDPR
GDPR officially went into effect on May 25, 2018. Naturally, not every affected company has complied with the new rules. In fact, there are a lot of companies who are still unprepared for GDPR.
The main problem is that complying with the new EU regulation requires a lot of legal work, and, in some cases, modifications to hundreds or even thousands of web pages. How stringently the rule will be implemented is also vague. This has resulted in a low number of compliant companies. According to a survey from November 2017, only around 6% of North American companies were completely ready for GDPR.
Regardless of how difficult it is to align with GDPR regulations, companies are still required to comply. The stakes for businesses are high. Violating GDPR can lead to a fine of 4 percent of global revenues or €20 million, whichever is higher. Converted to US dollars, that is a liability of at least $22 million dollars.
The bottom line is that if you’re collecting data from users in the European Union, no matter where you might be physically located, GDPR compliance is not something you can afford to ignore.