The General Data Protection Regulation (GDPR) was enforced in the spring of 2018. Now that we have had a year to get to know what it means and how it affects the digital realm, it is time to take a step back and look at its consequences and influence from another perspective.
Since then, we have seen a number of data privacy scandals such as the Facebook–Cambridge Analytica data harvesting, that have increased the customer awareness of the importance of personal data protection. All of this had caused more jurisdictions to bring their own laws and regulations to the market.
This has put marketers across the globe in front of a difficult challenge. They need to be able to provide a trustworthy experience without compromising the personal data of the customers. If you are reading this, you are probably among the millions asking themselves: how to make it work? Read on for some valuable insight.
Take inventory of your data
Before you even begin with the implementation of new policies, you need to go through the data you already have and see how it is being used. Most small businesses use Excel or similar spreadsheet software for data collection, at first. If you are among them it will take some time to get through everything. If you have used customer Relationship Management (CRM), it will be easier to take note of everything you have. After you identify the data you have, analyze the previous practices in your company for using this information.
Some regulation acts will require the disclosure of these actions from the past, so you should be prepared for that.
Adhere to the highest standards of privacy
While the European Union’s GDPR doesn’t have as much impact in the United States, for example, it has left its mark on businesses outside of Europe, as well, and it will, eventually, become a model policy for many jurisdictions.
Complying only with the regulations of your specific region could put you in a bad position globally, and it could be only temporary, as your state could enforce similar rules in the near future. Also, trying to follow the rules on a case-to-case basis will only bring more complications to your marketers and IT department.
That’s why it is best to follow the toughest rules and avoid all future problems.
Know your regulations
However, even if you decide to comply with GDPR rules, which are very tough, this doesn’t have to mean you are compliant with, let’s say the California privacy act, which is set to be enforced in 2020. Unfortunately, digital marketing in the age of data privacy requires constant learning. If you are not careful, you may end up breaking some rules without being aware.
Human needs top data, always
With the convenience of data-based marketing, marketers seem to have lost the idea of what should be the primary goal of a marketing message. Humans are the ones you are speaking to. While you can and should make data-driven decisions (quantitative and qualitative data which will point out to customers’ needs), you should center data collection on customers’ intent and the purpose of your business.
To extract genuine value from your data you should set clear objectives (e.g., increase the number of clicks, getting more leads) in front of your marketing team and define performance indicators. Ask questions you want to see answered so that the data analysis team can focus on what’s important. The analysis is the tricky part. After the data is covered and the most relevant parts are marked, there is a need for a team that will approach it from the human side of view. The average age of your customers means nothing if it is not combined with their interests and observed through the prism of their wishes and needs.
For example, by analyzing the demographic data, you can determine and target the customers who have switched home, and offer them services close to them. Weather data for specific locations can help clothing stores target the right customers with seasonal clothes, etc.
The idea is to understand that you do not always need personalized data to provide personalized experiences. Personalized experiences are best created with real persons with empathy for the problems of your customers, so your employees will be the key.
Your company should be the temple of privacy
Every company has its rules and culture. All the employees, not only the marketers, need to be aware of the importance of privacy. All it takes for a scandal breakout is one person who is not doing his/her job properly or responsibly.
Remember the formerly successful computer security company Agnitum and their infamous failure? It all happened because of a software developer Andrey Sabelnikov who developed a botnet which infected computers of the users.
Employing trustworthy people and endorsing the consciousness about data regulations could prevent you from repeating this or similar scenario.
Restrict access to data assets
The data assets should be available only to the employees who need them to do their job. Digital experience management platforms that offer inheritance and group-based access control lists (ACLs) can be useful for companies because they make a difference between access and manipulation and can restrict both of these actions to certain individuals and ways of accessing and manipulation. The approval streams should be tailored to the company’s governance policies.
If you want something done right do it yourself
Many companies, particularly the smaller ones and the beginners, rent third-party data for marketing purposes. While this seems like an easier way, it can often lead to more complications because you cannot be sure whether the data is accurate and collected legally (users may have not given their consent to use the information).
