The General Data Protection Regulation (GDPR) will be effective from 25 May 2018. It’s designed to strengthen data protection across Europe.
It will introduce consistent standards for collecting, processing and securely storing personal data.
The large fines for breaches of the GDPR requirements have been well publicised. Here are some of the key requirements that ecommerce marketers need to be aware of:
- Opt-in – pre-ticked permission boxes won’t be allowed. You can’t assume that permission to use personal data has been given. People must specifically agree that you can use their personal information and what you can use it for.
- Withholding permission – people don’t have to give permission for their data to be processed, and you can’t refuse to provide them with a service if they withhold it.
- Tracking – you must know exactly when you were given permission to use someone’s personal data and what for. You should have a clear record of all the personal information you hold and who you share it with.
- Access and accuracy – if the people you hold data about (data subjects) ask, you must tell them what information you have and what you are doing with it. They can ask for inaccuracies to be corrected and can limit how you use their data. They also have a right to know how you have made any decisions based on their information. They can ask you to delete all the information you hold so that they can ‘be forgotten’.
- Protection – if you process the data on a large scale, you will need a Data Protection Officer (DPO). Your DPO will assess risks and advise on how to use and protect the data. You will also need effective processes to detect, investigate and report any breaches of personal data protection.
Big Data, machine learning and artificial intelligence are just starting to deliver outstanding improvements in decision-making and customer experience. Do these requirements mean that GDPR will put a stop to it all?
GDPR will be great for digital marketing
Showing how well you manage the personal information you collect, monitor, process and store for ecommerce marketing can only build customer confidence and improve your conversion rates.
Being very clear about how you use personal data (like names, addresses and personal preferences), as well as behavioural tracking and profiling, will show that you are committed to the best possible customer service.
Before 25 May 2018 you can email or write to your contacts and ask them to visit an online form to explicitly confirm that they want to continue receiving your content. This is an excellent way to clean your lists and improve the return on your digital marketing investment. However, you will need to make sure that you can reliably verify the age of your contacts and obtain consent from parents or guardians, if they are children (under 16).
For the future
It will be important to make sure your privacy and cookie policies clearly explain what information you collect, process and store. If you haven’t already reviewed these policies, this will need to be done very soon.
You will also need to show that you are only holding data you need. When you don’t need it anymore, it should be deleted, so you’ll need to keep track.
If you operate in more than one European country you will need to identify where your central administration takes place so that you know which data protection authority to work with.
One great way to streamline these requirements is to integrate your ecommerce and CRM systems with other business systems to give you a single coherent view of all the personal data you hold. It will also allow you to demonstrate how you have implemented data security by design across your whole business.
Disclaimer: Please note that the opinions expressed in this blog are those of Williams Commerce Limited and do not constitute liability for accuracy and/or legal precedence. This information assumes that you have taken, or will be taking, the relevant advice in relation to the General Data Protection Regulation (GDPR) from the relevant parties.