As the date for the European Union’s GDPR approaches (fifty-two days and counting), anti-spam is evolving from management of “how a company communicates via email” to “how a company ensures the rights of its prospects and their data”. In other words, it’s not just about emailing people; it’s about whether or not a company has the right to collect data on those people.
I’ve been listening to viewpoints on GDPR from clients, legal experts, and the media, and while it is too early to call, it seems like B2B companies are focusing on the following:
GDPR says that privacy policies must:
While it is usually associated with the healthcare industry, “first, do no harm” can be applied quite nicely to privacy preparations. Above all else we should protect a person’s data, as the impact on them if it is exposed could be severe. Consider the high-profile data breaches that we’ve heard about from companies like Equifax, Home Depot, and Staples, where thieves stole credit card information, SSNs, and other financial data.
While it is true that the data collected by B2B companies may not be as sensitive and damaging to individuals were it to become publicly known, shouldn’t our primary job as marketers be to earn the trust of those people we hope to do business with?
To prepare, think about the data that you need to conduct business with people, and then ask yourself how much of that is really needed. Only keep what you can use, and protect what you have.
The GDPR regulations require that all information from EU residents be collected with consent, regardless of where the data is collected from. Consider all the routes by which information makes its way into systems, including forms, lists, partner processes, CRM systems, and email referrals.
This means that consent must be obtained and recorded from each source. For example, if a list collected from a trade show organizer is given to company ABC Corp, then the people on the list must give consent for ABC Corp to use their data, and ABC Corp should record that consent on the person’s data record.
Interestingly enough, legitimate interests include both the interests of the subject of the data, and the interests of the company that would sell products or services to them. Here are some possible examples that might constitute “legitimate interests”:
GDPR is not the first privacy regulation, and it will not be the last. Privacy is important, and companies should not wait to react to it but should get out in front of it now. View GDPR as an opportunity to get your “privacy” house in order.
Marketers can start to configure their marketing automation, websites, CRM, and other systems now, so that GDPR infractions do not become an issue later. Digital Pi has undertaken the task of designing and building the technology and processes required by its client companies, so that they can comply with data and communications regulations in all the countries that they transact business in.