This week, global digital marketing efforts are feeling the effects of the enactment of the GDPR. If you have been skimming through headlines related to marketing, business, or European news, you may have seen panic about the GDPR floating around.
GDPR is not as dramatic as it may sound in headlines, especially for businesses in New Zealand. However, small and large businesses globally may be affected by GDPR guidelines, and penalties for non-compliance can be pretty hefty. Learn the basics of GDPR and what you can do this week to make sure your business is following the rules now and in the future.
(Before we begin, let us remind you that we are a digital marketing agency based in Hong Kong, not lawyers. The advice that we are giving you is just the basics of GDPR, but it is entirely up to you to apply this information to your business and conduct further research about GDPR compliance.)
What Is GDPR?
GDPR stands for General Data Privacy Regulation. In 2016, the European Commission set standards for how the data of European Union citizens is collected and shared, in and outside of Europe. The Information Commissioner’s Office (ICO) has continued to make changes and updates to the GDPR rules, but the central goal of the GDPR remains the same. With growing concerns of cyberattacks, Internet crimes, and unethical transfers of data, the GDPR sets a tight and clear standard for the way businesses handle data. These guidelines stress the importance of transparent business practices and clear consent from users before their data is shared and stored.
The GDPR covers a range of topics related to data management, including:
- Access and portability
- Erasing data
- Safeguarding sensitive data
- Data transfer
Personal data includes:
- Address and location
- Online identifiers
- Health information
- Cultural profile
When Will The GDPR Go Into Effect?
New GDPR guidelines are going to be enacted on the 25th of May, but GDPR isn’t the race against the clock that most people are picturing it to be. Don’t believe the hype of consultants who are urging you to hand over your money now to ensure that your business is compliant by the 25th of May. If your business is a little behind in complying with GDPR guidelines, you won’t have to deal with massive fines. This is an initiative to protect citizens and educate businesses, not a ticking time bomb. Put compliance on your list of higher priority tasks, but don’t sweat over deadlines.
Even if you are caught not complying with GDPR rules, you are not going to be surprised with an automatic fine. Before you get a fine, you will receive a warning, then a reprimand, and then all of your data processing will be halted. Then you get a fine, which can be up to 20 million euros, or 4% of your annual turnover.
These fines are quite hefty, but if you follow the GDPR rules (again, best practices for marketing in the first place), you won’t even get a warning.
Why Does GDPR Matter for Businesses in New Zealand?
The GDPR was not created by the New Zealand government. It does not particularly care about data protection for New Zealand citizens. It is an effort created for citizens of the European Union.
But even if your business is based in New Zealand, you may have European subscribers to your mailing list or European customers. Any business, no matter where it is located or how big it is, has to comply with GDPR guidelines if it sends or collects the data of EU citizens.
Understand GDPR guidelines and use them as a model for how you collect and send information to leads and customers. The Cambridge Analytica scandal and new GDPR rules are two events that may be followed by additional global efforts to make digital marketing and data collection more transparent.
Internet users want to know what they are signing up for when they give out their contact details or personal information, and what your business intends to do with that data. This trusting relationship is the whole goal behind GDPR.
Say you are working to get more emails with content marketing efforts. Your business develops and distributes a useful eBook in exchange for an email address. Do your customers actually know what they are signing up for when they give you their email? Unless you alert customers that they are going to start receiving marketing emails or newsletters, they won’t know what is coming next. It’s important to give customers the choice to opt in or opt out of marketing efforts based on their intentions and interests.
Lead generation based on consent and transparency is good not only for the customers, but also for your business.
The Importance of Transparency
Just like any relationship, honest and transparent communication is key to building a successful bond with your customers. Studies show that 94% of consumers are more likely to become loyal customers if they know that a brand displays full transparency; 56% of consumers have reported that this loyalty could last a lifetime. Transparency applies to more than just products or the exchange of finances; personal information and marketing efforts have become more valuable to consumers as they spend most of their time making purchase decisions without human interaction.
What You Can Do To Make Sure Your Business Complies with the GDPR
If you have been practicing ethical means of collecting and sharing data, you might not have to do much in order to comply with GDPR laws. The ICO has a checklist offering 12 steps your business can take to ensure that your methods are compatible.
Evaluate your opt-in messages
One of the top rumours going around about GDPR has to do with alerting current subscribers about GDPR and consent. Marketers are worried that they will essentially have to redo all of their efforts to build their mailing list in an awkward way. Redoing these efforts may turn subscribers off, the mailing lists will crumble, leads will diminish…
…Don’t worry. Before you take any efforts to adjust your subscriber list or send out any updates, evaluate how you got contact information in the first place. If you got subscribers in an ethical way that complies with the GDPR guidelines, you should be fine.
The European Commission offers this advice moving forward for gathering information: “Use plain language. Tell them who you are when you request the data. Say why you are processing their data, how long it will be stored and who receives it.”
Evaluate methods for unsubscribing and opting out
The big word on everyone’s mind is “Mailchimp.” Mailchimp is one of the top methods for managing and sending out email newsletters. If you are using Mailchimp or a similar management system that is trusted and used by many businesses around the globe, you may not have to worry about how users unsubscribe or opt out.
When it comes to opting out, Mailchimp has you covered. Mailchimp emails have an opt-out button at the footer of each email, so interested subscribers can find a way to opt out at any time. The opt-out process is simple and clear, which is exactly what the GDPR is looking for.
If you are managing email addresses on your own, and don’t provide an option to unsubscribe (or don’t take users who want to unsubscribe off the list), then you might be in trouble. All you have to do to fit the guidelines is offer a clear and transparent option to users who want to unsubscribe.
Have a plan for data breaches
According to the GDPR, extra sensitive data (including information on health, race, and other demographic information) must be safeguarded for extra protection. Unfortunately, even if you actively work to secure your data, cyber attacks do happen. Transparency is key not only to complying with GDPR guidelines, but also to ensuring that your customers don’t leave you after a breach. Addressing a cyber breach can be embarrassing and result in some backlash, but the backlash will be more intense if you keep breaches a secret or try to mitigate the situation. The GDPR suggests that you “inform people of data breaches if there is a serious risk to them.” To be extra prepared, have this plan in place and accessible to members of your team before a breach even happens.
If you are a larger business, reach out to a consultant
Small businesses that can analyse their mailing lists shouldn’t have anything to worry about, especially if they are dealing with a small number of European clients. Large, global businesses, however, have more concerns. GDPR rules affect big businesses more, and are worth more of an investment (both time-wise and money-wise). Our blog post just covers the basics; larger businesses should reach out to a consultant for information specific to their marketing efforts.
Want to learn more? Use these resources to make sure that your business is thoroughly processing data correctly.
This blog post was written by the team at Digital Squad, a top Hong Kong SEO agency.
Megan Okonsky is a copywriter and content marketing specialist with Digital Squad. She is originally from Philadelphia but has landed in Melbourne after traveling for eight months in Southeast Asia and New Zealand. She also teaches vinyasa yoga online.