The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. Created to provide more control and better privacy protection to European Union residents, the GDPR compliance regulation affects all companies that are either marketing to or collecting data from EU consumers.
What Do US Marketers Need to Know?
Even if you work on US brands, your marketing may still be reaching shoppers from the EU. In fact, the terms used in the legislation are “data subject” and “natural persons,” which include non-citizen residents of and visitors to the EU for the duration of their stay. Therefore, consider that your next email promotion could reach U.S. citizens who are traveling or living abroad and so be subject to this legislation.
Also keep in mind that the GDPR can apply to brick-and-mortar as well as e-commerce. For example, shoppers paying with a credit or debit card, providing personal information such as a name or shipping address, or participating in a customer loyalty program can all fall under GDPR protections.
As for financial penalties, non-compliance can lead to a maximum penalty of 20 million euros or 4% of your total global revenues, whichever is greater.
What Can Shoppers Do?
Previous data breaches and cyber attacks have affected billions of people, generating viral media attention. According to the 2017 State of Consumer Privacy and Trust survey, 69% of consumers were concerned about security and privacy with Internet of Things devices.
With this new legislation, shoppers will be able to request that their personal data be erased and no longer processed by third parties. It will be important for brands and retailers to be able to accommodate new shopper-driven requests and inquiries.
What Should Marketers Do?
To account for these changes, marketers should consider conducting an audit to ensure their current marketing platforms and initiatives are GDPR compliant. Some items to pay special attention to when determining any required changes are digital fill-in forms, proof of consent for engagements and data collection, and lead scoring.
If you are unsure about or unwilling to move forward with a robust GDPR compliance plan, consider removing all EU consumer data from your databases and ensuring your program collects consent moving forward.
Can I see an example?
Many companies have already responded to the GDPR, as you may have noticed when seeing new pop-ups on websites that ask for consent to collect data or when signing up for a new customer account.
Walmart Canada makes it clear to shoppers that signing up for emails is completely optional when creating an account online: see here. The form shows an active email opt-in with the word "optional" in parentheses and explains the type of content subscribers may receive. In comparison, the form on Walmart's U.S. website also shows an active opt-in, but with much less detail: see here.
While there may be some uncertainty right now, responding to the GDPR will be advisable: Correcting bad data collection practices and enforcing transparency can enable more personalized and meaningful relationships with your consumers and shoppers, wherever they may be located.
For more information, an official PDF version of the GDPR can be viewed here: https://gdpr-info.eu/.
Contributed by: Nina Bressau, Integer Dallas