This is a guest blog post by Jo Rourke.
GDPR (or the General Data Protection Regulation, to use its full title) is everywhere you look at the moment. And understandably so. It’s a big change. But is it as scary as everyone keeps saying? I get it. On the surface, marketing & GDPR don’t seem obvious BFFs.
I decided that if I was wondering about how to balance marketing and GDPR, lots of other entrepreneurs would be too. I talk rather a lot about value. Specifically, about the value you provide to your clients. As you know, I believe your content is a way to provide value long before your clients get cosy on your customer list.
Through my research, I’ve realised that GDPR is also related to value. How? Well, naturally, the data you hold on your clients is incredibly valuable – both to you, and to them.
Complying with GDPR is the perfect opportunity for you to demonstrate how much you value your contacts’ data – by acting responsibly and taking care of it appropriately.
Never one to miss out on an opportunity to show my clients how much I love them (and their data), and to share knowledge where I can, I’ve declared March as “Marketing and GDPR Month”. This month I’ll be challenging myself to become GDPR compliant way ahead of the May 25th deadline.
I’ll be blogging my progress and, because it’s such an important topic, I’m pairing up with Rory Campbell from Forde Campbell, a commercial law firm specialising in IT, tech law, and the internet, for tech companies and start ups.
Together, we’ll be busting some myths, helping you incorporate GDPR compliance into your content and generally reassuring you that marketing and GDPR can go hand-in-hand.
But first, some housekeeping. Before we can figure out how to align our marketing with GDPR compliance, we first need to understand exactly what it is. I’m not a lawyer, so I thought I’d call in a tame expert (Rory) and ask him some questions:
Rory, is winter coming?
Jo, the succinct legal answer is Yes. But No at the same time, with a spot of It’s already been winter for a while, and a final note of Perhaps more of an Ice-Age than a Few Cold Months.
We lawyers like to be clear.
The fact is that, while many people have focussed on the threat of fines of up to €20 million, that’s missing the point. Fines will only be imposed in very limited circumstances. The real effect of GDPR will be to change the culture of modern business, so that personal data use will become an everyday responsibility and risk management factor – rather than something to be considered only when things go wrong.
GDPR is actually pretty empowering for consumers. I know I’m a lawyer, and as such am more partial than most to a regulation, but GDPR is here to help everyone. Why? Because, everyone has the right to the protection of personal data.
For businesses, the GDPR is about obligations, rather than rights.
The drivers for GDPR are, firstly, the transformation since the last data legislation (1998’s Data Protection Act) of how technology uses personal data; secondly, the massive uptake of mobile tech by consumers (particularly children): and thirdly, the fact that the law now wants businesses to demonstrate compliance – rather than doing nothing until the data protection watchdog, the Information Commissioner’s Office, comes calling.
In a nutshell, if you’re in business and you hold personal data about your customers or employees (that’s everyone, basically), the GDPR applies to your business.
To start on the GDPR compliance journey, you need to take time out to look at your organisation, think how data flows through it, and be able to state:
Having carried out this data audit, you will have the information you need to take the first steps towards compliance.
For most small to medium businesses, GDPR compliance can be handled in-house. However, it’s an ongoing business task and one that needs to be defined. Data protection needs to be monitored and compliance with GDPR needs to be checked regularly, just like you do for other essential business tasks.
The initial step of answering the questions above will take an investment of your time, but it’s entirely doable by the average business owner.
Are you obtaining data?
Nearly every business that operates in the 21st century obtains personal data. Got a contact page on your website? You’re collecting personal data. Newsletter sign up pop up on your blog? You’re collecting personal data. Facebook ads with downloadable resources? You’re collecting pers- Okay, you get the picture.
So, yeah. Data collection and GDPR are inextricably linked.
But that doesn’t have to be a bad thing.
The aim of the regulation is to ensure that personal data is handled and processed responsibly, that contacts are clear on why their data has been collected and what it’s going to be used for. Contacts also have the right to access their data and have it corrected, removed and forgotten.
I think that’s pretty reasonable, don’t you?
What are you doing with their data?
Your contacts need to be aware of what you’re doing with their data and (where you’re relying on their consent to carry out your activities) they need to provide their clear, unambiguous permission. That means that, in turn, you need to provide them with clear information on what you’ll be doing.
Sending them a newsletter once a week? Let them know when they sign up.
Informing them about promotions because they downloaded a discount code? You need to tell them.
I said earlier that I’ll be “live-blogging” (if you can call weekly posts “live”) my Marketing and GDPR compliance quest, so I figured the first step is sharing my action plan.
Your action plan is likely to be different, and, as I’m not a lawyer, the contents of this or any future blog post do not constitute legal advice.
All that said, it would make for a pretty shit blog series if I didn’t share my own process, so here goes….
The first action on my Marketing & GDPR Action Plan (I love me an action plan, so obviously I made one) is to figure out how I’m obtaining personal data, and what that data is. I’m thinking about:
You can download these questions in checklist form to help you figure out the beginnings of your compliance process – just click the image below.
Once again – I’m not a legal professional, so this checklist does not constitute legal advice and does not prove legal compliance with GDPR – that’s your job 😉
Today we’ve talked about how GDPR can impact your marketing strategy, and started the process of defining how we come to hold data and the process for this. This is an incredibly important step towards being able to prove your handling process.
We also looked at how GDPR doesn’t need to be the death of your marketing strategy. In fact, when we re-frame it, we see that the GDPR just means being responsible and transparent….qualities all of your clients will value.
Jo Rourke is a content strategist and writer, helping entrepreneurs end the overwhelm when writing content for their ideal clients. Jo is based in Northern Ireland, where she lives with her husband Martyn, and their three children: Claudia, Gabriel and Wynona. You can link up with her on Instagram here: https://www.instagram.com/jo.rourke/.