The GDPR and Why Digital Marketing Will Never be the Same

We know that the General Data Protection Regulation is giving Compliance and IT some heartburn as these teams work to understand the GDPR’s new requirements and how they will affect their organizations. But perhaps the biggest impact will be on Marketing, specifically digital marketing, which will require a cultural shift that presents challenges but, for smart organizations, opportunities to succeed as well.

Consent is king

The days of implied, sneaky, and bundled consent are gone. Starting in May 2018, brands have to collect active consent that is “freely given, specific, informed and unambiguous” to be compliant with GDPR. Someone provided their email address to download a whitepaper? If they didn’t actively agree that it is okay to use their data to send marketing messages, it won’t be legal to add those email addresses to your mailing list.

Also, because there is no “grandfather clause” for data captured before the GDPR, we expect to see lots of re-permissioning campaigns as organizations seek to establish clear consent to use the personal data they already hold.

The GDPR will change how gated assets are used, how leads are collected, and how referral programs work. In other words, the method of “collect it now and figure out what to do with it later” will become a high-risk strategy. The challenge for marketers will be providing “granular choice” for consent in a way that is minimally intrusive and not detrimental to the customer experience.

Legitimate interest is not a get-out-of-jail-free card

The GDPR states that the “legitimate interest” of a controller can provide a legal basis for using personal information without obtaining consent (GDPR Article 6.1(f)). However, marketers should use this clause with caution. Legitimate interest can only be invoked provided that there is “no undue impact” on data subjects. In other words, a business that intends to use personal information must balance its legitimate interest against the rights and interests of the individual, and it bears the onus of demonstrating that it has done so.

Personalization…and privacy – consumers want it all

A recent study found that 90 percent of consumers have privacy concerns, but also seek highly personalized and tailored customer service. Personalization is key to modern customer experiences and customers make purchase and loyalty decisions based on the level of individualized service they receive.

This introduces a challenge for many businesses and marketers – in order to provide highly personalized offerings they need to have a better understanding of their customers’ needs, purchasing histories and attitudes. That means collecting, analyzing and managing customer data related to these preferences and behaviours. However, it has also been found that consumers have growing concern over their privacy and the use of their data.

Marketers will have to find ways to comply with the GDPR while continuing to deliver the personalized products, services and customer experiences that their consumers demand.

Pseudonymization – Marketing’s new hope?

The EU has been explicit that the GDPR should facilitate – not inhibit – innovation within business. In fact, the regulation calls out “freedom to conduct a business” as one of the fundamental rights it respects. Tracking and analyzing consumer behaviors and preferences are valuable tools that marketing and sales functions rely on to be successful. The process of pseudonymization may provide a way for regulators and businesses to meet in the middle.

The GDPR defines pseudonymization as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” It is a privacy-enhancing technique where directly identifying data is held separately and securely from processed data to ensure non-attribution of that data to an individual. As it turns out, controllers don’t need to provide data subjects with access, rectification, erasure or data portability if they can no longer identify a data subject. Organizations should look to technology tools as means of pseudonymizing or masking consumer data and encrypting personally identifiable data, in combination with organizational process changes, to ensure compliance.

It’s May 2018. Do you know where your personal data is?

A majority of businesses have stated that they are not ready for the GDPR. A big reason for this is the potentially onerous requirement for organizations to be able to quickly assemble a data subject’s personal data upon request for purposes of erasure, rectification or export.

According to a recent GDPR Readiness survey, only 26% of respondents currently keep an up-to-date register of the personal data they hold and the purposes for which they are used. If there was ever a time for organizations to get their arms around all the personal data they hold, what type of permission was obtained, and a governance structure to manage it, that time is now. Information classification schemes, data storage methods and records retention programs need to be reviewed to ensure that data portability, removal, or correction is not only feasible but efficient, if and when needed.

How OpenText can help

The GDPR is a game-changer for digital marketers, and there will be challenges to overcome; however, the game can change in their favor too. Yes, the days of “data maximization” and blanket consent appear to be over. But it’s for those very reasons that the GDPR will lead to new marketing opportunities. The GDPR forces businesses to develop more thoughtful approaches to targeting and lead acquisition. Prospects who opt in are better qualified, more engaged and want to be marketed to. Because consumers have more control over how their data is used, we’ll see better quality relationships between businesses and prospects.

OpenText™ Enterprise Information Management (EIM) solutions help organizations meet regulatory requirements and should be central to your overall GDPR compliance and data protection strategy.

According to Forrester, “77% of consumers have chosen, recommended, or paid more for a brand that provides a personalized service or experience.”

Utilizing Workforce Optimization solutions within our Customer Experience Management portfolio, we can provide sentiment analysis to help measure the effectiveness of your marketing campaigns, and provide guidance on appropriate promotions to communicate based on whether or not the consumer has given consent. Learn more about our solution here.

Stay tuned for our next blog post in April on “Disrupt Yourself – Personalized Marketing in the Age of GDPR”.

You can also read some of our previous blogs on this topic:
Five 2017 Compliance Challenges
GDPR and EIM
GDPR – Opportunity or Threat for B2B
Discovery Analytics and GDPR

Janet de Guzman

Janet is Director, Compliance Group in Product Marketing and is responsible for the go-to-market strategies for OpenText governance, risk and compliance solutions.


2 thoughts on “The GDPR and Why Digital Marketing Will Never be the Same”

  1. Great post Janet! I just wanted to add to your comments about “Legitimate Interest” not being the golden loophole many marketing blogs seem to want it to be. Even if a data controller elects to use the Legitimate Interest basis for processing, all of GDPR’s other user touchpoint requirements are still in effect. The data subject must still be shown their rights, be given a convenient method for opting out, viewing clear and understandable notice, being notified in case of a breach. The data controller must still log the date and time they began processing under legitimate interest. In short, everything is the same except the requirement to roadblock the data subject with a privacy notice and consent dialog. We just gave a 30 minute webinar on operationalizing Legitimate Interest that can be viewed at https://vimeo.com/208709820

    1. Thanks Roy! Indeed “legitimate interest” isn’t the “golden loophole” (love that and may borrow it) marketers may be hoping for, making it all the more important to seek advice on how to be compliant. Should be interesting how this all falls out come 2018 and beyond. As a marketer myself, I find myself viewing our work through the GDPR lens now, which is probably a good thing.
