What Digital Marketers Need to Know About the New EU Regulations
GDPR stands for General Data Protection Regulation and is a piece of European legislation that dictates how user data should be handled by companies and organizations in the EU. If you are a digital marketer based in the US, try not to tune the news out as there is a good chance it will impact your work. The regulations state that anyone ‘processing the personal data’ of any person living in the EU will need to comply or face legal and financial action.
Quick note: While we hope this overview gives you a sense of how you might be impacted, be sure to seek legal advice if you have specific questions about how the GDPR applies to you.
The GDPR mandates that an organization’s practices and policies must give users control over how their data is collected and ultimately used. This includes sending notifications in the event of a data breach (or hack), the user’s right to their data and for that data to be deleted, and a proactive stance on privacy and security. Specifically, the new regulations cover the following areas:
At first glance, the GDPR regulations may seem overly restrictive or disruptive to marketing efforts, but take a moment to stop and consider how you would like your personal information to be handled. The GDPR simply ensures anyone handling user data does so in a responsible and respectful manner. After the dust finally settles, we may even see a reduction in the use of dark patterns and a better web for everyone – even digital marketers.
What ‘compliance’ means will really depend on how a site is built, what third-party tools are utilized, and how data is managed. For example, a typical WordPress site might collect user data through online registrations, comment areas, contact forms, checkout flows, usage analytics, digital advertising, or security tools. To help facilitate the more technical aspects of the GDPR, WordPress has recently added new GDPR compliance tools and many plugins are updating to piggyback on this system. (There are also a variety of plugins that can assist with GDPR compliance in other ways.)
Failure to comply with the GDPR can result in hefty fees, as well as more indirect problems such as reputational damage, requiring a potentially larger investment to recover your brand equity. Facebook has already taken some heat for how they handled the GDPR opt-in, while others simply shut down all activities in the EU due to the cost of compliance.
Going forward, a general rule of thumb should be to only collect data you plan on using. State in plain terms what types of data you are collecting and how it will be used. This may mean updating your privacy policy or modifying forms so that any additional data uses, like subscribing to a newsletter when completing a purchase, are clearly defined for the user and require active consent.
The GDPR ultimately comes down to being respectful and protective of users’ personal data. Use this as an opportunity to show you deserve your users’ trust – it will go a long way towards creating a deeper connection with your brand.