GDPR turns two years old: how has it changed marketing?

On 25 May, the General Data Protection Regulation celebrated its second birthday.

Here we explore how it’s impacted marketing, what else has changed for Marketers in the intervening two years, and what this means for your approach to marketing today.

GDPR – a quick refresher

The General Data Protection Regulation is relevant to any organisation that:

  • Possesses or processes data pertaining to an identifiable person
  • Contacts those individuals via email, phone, SMS or mail
  • Tracks their engagement via e-shots, cookies, or landing pages for the purpose of profiling an individual

The regulation applies to any EU citizen, no matter where in the world the data is held.

An article on CMSWire.com recalls the different views at the time of implementation; some thought marketing would be improved by the rigour of the new regulation, like CMSWire author Sean Connell, who called GDPR ‘an incentive for brands to take a more strategic approach to how they aggregate and utilize customer data’.

Others, meanwhile, felt it would negatively impact Marketers.

This is something we explored at the time, discussing the ways your marketing might change under GDPR.

What’s changed since the regulation came into effect?

A year ago, we looked at the ways marketing had changed in the first 12 months since GDPR implementation.

Before the rules came into force, there was a predicted shift away from email and towards other digital marketing – particularly SEO and social media.

For those still keen to use email, the new rules have brought an increased focus on quality. With the balance of power shifted towards the recipient, it’s more important than ever to make any emails you send relevant, appropriate and valuable.

This means ensuring your content is engaging and your approach to data is meticulous.

The rigour needed to comply with the regulation has also highlighted the need for Marketers to have control over the communications and promotions their firm issues. This is often a particular challenge in professional services firms, where a wide range of people can be involved in creating and issuing marketing communications. Find out how to tell whether your financial promotions are out of control – and what to do about it.

How have firms complied with the GDPR since its inception?

As with any new rules, compliance has been a mixed bag. A few months after GDPR came into force, a report claimed that UK employees were more likely to be told off for failing to keep the workplace tidy than they were for breaching the data rules. And a survey in December 2018 found that two-thirds of EU firms were not fully compliant with the regulation.

Commenting at the first anniversary of the regulation, Elizabeth Denham, the Information Commissioner, said that businesses faced ‘ongoing challenges of operationalising and normalising the new regime’.

She also set out ambitions for the second year of the GDPR, saying that firms’ focus ‘must be beyond baseline compliance – organisations need to shift their focus to accountability with a real evidenced understanding of the risks to individuals’.

What else has changed for Marketers in the last two years?

Of course, the GDPR is far from the only new regulation you’ve had to tackle in the last couple of years – particularly if you work in a regulated sector, such as an industry governed by the Financial Conduct Authority.

The Insurance Distribution Directive came into force in October 2018, delayed from its original launch date of February that year, introducing enhanced requirements around customer information and conduct of business.

Claims management firms came under FCA regulation from 1 April 2019, with new rules on claims management advertising coming into force in January 2020.

On top of this, regulated Marketers have continued to grapple with compliance around regulations like PRIIPs and MiFID II, which came into force before GDPR but where ongoing debate about the requirements has rumbled on.

Even if you don’t fall under the auspices of the FCA or another industry regulator, there are still rules you need to abide by – the requirements around comparative advertising, for instance, where the Committee for Advertising Practice issued an update in March.

And more regulation is always in the pipeline. In January 2020, a draft of the new Direct Marketing Code was put out for consultation by the ICO.

How can Marketing teams ensure GDPR compliance?

So, if you’re trying to enforce best practice email marketing, as well as managing the challenges of all the other regulations you have to embrace, what should you be doing?

  • Familiarise yourself with the GDPR rules

Our blog on the regulation’s launch has useful background. The Information Commissioner’s Office also publishes regular blogs and has a dedicated GDPR microsite – both good sources of information.

  • Ensure your current approach complies

Does your data processing follow one of the lawful bases? Are your systems adequate to meet the requirements of the regulations? Can you respond quickly to people’s requests to be removed from your mailing lists – and do you compliantly document these actions?

Read our tips on how you can achieve best practice in email marketing and how using personas can help you to create relevant, valued marketing content.

  • Consider your use of alternative marketing channels

Prior to the regulation coming into force, we shared some of the ways your marketing may change under GDPR.

If you’ve reduced your email marketing to minimise your exposure to the GDPR requirements, you may have increased your use of social media – make sure your approach is both creative and compliant.

And if all this new regulation has driven additional work for your team, explore some of the efficiencies you can make to counteract this, perhaps by introducing an element of automation, something that can make your processes more robust as well as efficient.

Using GDPR as a springboard for improvement

New regulation is always a headache – but you can use the additional rigour needed to improve your approach.

If you’re a regulated business, you may have a head start here, as your customer communications and financial promotions will already need to follow strict rules, with requirements around compliant sign-off.

And whether or not you’re regulated by the FCA or another body, the GDPR is just one of a number of rules you need to follow.

You can find out more about the compliance requirements even non-regulated firms face by downloading a copy of our whitepaper, Compliance for non-regulated businesses. The whitepaper’s free, and you can get a copy from our resource library.

Nothing in this document should be treated as an authoritative statement of the law. Action should not be taken as a result of this document alone. We make no warranty and accept no responsibility for consequences arising from relying on this document.