The bottom line: you need to be thinking about data management. Not just to get compliant, but for innovation and your growth strategy too.
At Pensar, we’ve been working with marketing agencies from the start. Here’s what you need to know about managing your data in the modern world.
1. New regulations (and why you shouldn’t fear them)
But at the core, the new regulations are pretty straightforward. They just mean people have the right to:
- Privacy, security and ownership of personal data collected by businesses.
- A data profile that is accurate, relevant, necessary and justified for your job
- Access all of the data you have about them in a nice neat file format
- Take their data away from you, move it somewhere else, swap and change your access to it, or make you delete it all.
Marketers will have to rethink how they collect, store and process data to achieve compliance. But you shouldn’t see this as a huge task or insurmountable challenge. Instead, look at it as an opportunity to be proactive around security, make new business discoveries, and build a resilient data protection strategy.
2. Data audits are more valuable than you think
Reviewing and ‘cleaning’ your data across all channels - from spreadsheets to social media - is the first step to compliance. But data audits are important your business’ sake too. Why? Because bad data happens to all good marketers.
You’ll probably find some dodgy data somewhere, or you’ll find that you’re targeting people with wrong or irrelevant messaging which, as we know, is marketing suicide. But fear not, quality data and a 360-degree view of your customer are actually legitimate ways to get compliant. Win-win.
3. It’s all about people and processes
Lots of modern companies are adopting ‘unified communications’ technology for data management. But this is really about people and processes. The point is, everyone has a digital identity and data is logged, categorised and accounted for on one secure platform.
This makes data sharing efficient and collaborative, and pulling off reports a breeze. But as everyone who processes data is accountable, make sure educate and train employees properly and get an IT security policy.
4. Getting a handle on access and permissions
Managers are often guilty of giving the whole team access to data, and don’t necessarily track where it is or who has it. This can leave you wide open to accidental data leaks or data breaches - especially in today’s increasingly mobile workforce.
Luckily, the GDPR promotes a stricter and more deliberate approach to information sharing and access. People should only have access to data they really need, and you should be able monitor data and grant or revoke permissions easily.
5. Advanced security measures are paramount
We recommend getting certified with Cyber Security Essentials, which is backed by the government. This is a start, but eventually you’ll need to protect data comprehensively - whether it’s static, in transit or in a different location.
6. The changing rules of customer consent
New regulations only reflect public interest and the studies you already know about - people want brands that are upfront and honest about data, privacy and communications. This means there have been changes to how and when you collect consent from individuals:
- Privacy and usage policies. Ambiguous or technical/legal jargon policies won't cut it under the GDPR – you'll need to write clear policies so your audience understand how you use their data. A pre-ticked box for consent is specifically banned under the GDPR, too.
- Marketing communications. To contact a prospect and use their data, you need to obtain a positive (opt-in), specific, informed, recent agreement. For e-marketing, we'd recommend double opt-in, where people actively tick an 'I agree' box, then give a second layer of confirmation via an email link.
- Marketing automation. This is still fine if you're honest about how you use automation, but a serious decision about a data subject cannot be made purely though automation - there needs to be some level of human intervention.
- Voice and video recordings. You need get proper consent first. But you can still record client interviews without it as long as you have a legitimate or contractual reason.
- Cookies and ad-retargeting. This can still be used, but again you’ll need to have a clear policy and get consent - people can opt-in and opt-out as they wish.
Greater consumer power around data doesn’t mean you should sacrifice the effectiveness of your marketing strategy. Double opt-in actually improves your click-through rates, and new modes of consent set you up for more qualified leads while putting an end to chasing people who aren’t explicitly interested.
All in the mindset: a culture of compliance is the best the way forward
New regulations aren’t just about compliance. They are about setting the global bar for best practice, and encouraging a culture of trust, transparency and privacy round data management. This is perfectly achievable with a good partner on hand.
At this stage, you just need to prove you’re making steps towards a better data culture. And if you take an iterative approach and show some social responsibility now, you’ll earn trust and be more popular with prospects than your competitors.