What Marketers Need to Know About GDPR

The industry is abuzz with how the General Data Protection Regulation (GDPR) will change the way organizations interact with their customers in the European Union. 

Many organizations headquartered in the EU or with a significant customer base overseas have been working on GDPR changes for months while others are unsure how this impacts them. Do you fall into the latter camp? If so, read on to learn why GDPR matters to marketers no matter their geography and find out how you can adjust your marketing plan to comply.

GDPR is a newly minted European Union (EU) regulation that is replacing the 1995 EU Data Protection Directive. The regulation's goal is to significantly enhance the protection of personal data from European citizens and place more stringent rules on those who handle that data.

Once the changes go into effect on May 25, 2018, organizations will no longer be allowed to collect, process or use an EU citizen's data without explicitly asking for consent and providing context on how the data will be used.

This rollout will impact data management and marketing across the European Union and the world and organizations need to implement changes now to avoid penalties later.

We've compiled the below Q&A to help explain what this shift means for you.

Download our Guide to Updating Your Marketing Strategy for GDPR

Who's Affected by GDPR?

As expected, this impacts organizations located within the EU, but it also impacts companies located elsewhere (i.e., here in the U.S.) who conduct business and offer goods and services to contacts in the EU.

For marketers, this is a pivotal moment in our history. We're facing unprecedented changes to how we collect, process and use customer information and we're likely to see a shift in marketing trends overall.

Interestingly, with a lack of regulation in the U.S., many organizations are choosing to roll these changes out across the board with all of their contacts, not just those located in the EU. Despite the loss of some contacts, those who take this route will create stronger connections with audiences who choose to opt-in and are likely to improve their data quality, boost their reputation and improve engagement rate.

GDPR outlines two groups who are impacted by the new regulations: data controllers and data processors.

  • data controller is a person or organization who "determines the purposes and means of the processing of personal data."
  • data processor is a person or organization that "processes personal data on behalf of that controller."

In our case as an integrated marketing and PR firm, Pierpont is a data controller because we collect data from our contacts and clients. Our CRM provider is a data processor because it stores our data.

What Counts as "Personal Data"?

Anything that could be used to identify a person, such as their name, a photo, their email address, social media data, IP addresses, device ID, cookies, medical history, etc.

This essentially covers any data that you might collect through an event, lead generation, social media and other marketing/sales activities.

What Marketing Channels Could This Impact?

These changes will fundamentally shift data-driven marketing and we need to get smarter, more relevant and more organized with how we're reaching consumers. The major changes for marketers will occur in email marketing, lead generation/nurturing and digital advertising.

It's no secret that almost everything we do is tracked online and used to provide targeted advertising as we move from site-to-site. With GDPR in place, any ad provider or publisher that tracks a user's cookies for advertising purposes will need to request permission to do so. This can be done via pop-ups, subscription requirements, etc., but will likely deter traffic and click-throughs for some publishers.

Fortunately, large ad providers, such as Google and Facebook, are already making changes to how they process data and advertise to consumers because of GDPR. Receiving opt-ins is more straightforward for these platforms and we're not likely to see a huge dip on these channels. One area to be cautious of here is with tools like Facebook's Custom Audiences where you can upload a customer or prospect list for advertising purposes. In cases like this, you'll need express permission to advertise to those contacts.

From an email marketing and lead generation standpoint, current databases will need to be scrubbed and landing pages and form fills must follow compliance measures. Overall, it will be more difficult to drive new audiences to your channels and then more challenging to convert those users once they get to your site.

Because of these industry changes, we need to consider other methods of reaching audiences that focus more on relationship building. We're likely to see an increase in inbound marketing programs and content-driven campaigns that encourage opt-ins as well as increased public relations and awareness programs.

What Happens if I Don't Comply?

According to the EU GDPR, organizations can be fined up to 4% of global revenue. However, fines will vary depending on the specific transgression.

Help! I'm Still Confused

We know this is complex, confusing and likely a bit worrisome. Fortunately, GDPR has provided several resources with additional details. 

You can also download our Guide to Updating Your Marketing Strategy for help in revising your plans and complying with GDPR.

GDPR extends far beyond marketing data and it's important to conduct further research on the topic as you begin making the transition. It's also wise to reach out to your IT, sales and recruiting departments and keep your leadership and legal teams in the loop to ensure you're working together to integrate these changes.

Kristen James leads Pierpont's digital practice and manages marketing and communications programs for clients across industries including technology, financial, retail, healthcare, professional services and more.