Unless you’ve recently arrived on planet Earth or have awoken from a long slumber, Rip Van Winkle style, you’ve heard of the General Data Protection Regulation (GDPR). For the aliens and sleepers among us, the GDPR, a boring-sounding acronym, is a digital privacy regulation that was introduced on 25 May 2018. It standardizes a wide range of privacy legislation across the European Union (EU) into one set of regulations that will protect all EU citizens. In this era of data as currency and the frequency of digital privacy breaches, this has never been more important.
What Does GDPR Mean for Companies?
Under the GDPR, organizations must ensure that personal data is gathered under strict conditions. Those who collect and manage it must safeguard it from misuse and corruption, as well as respect the rights of data owners. Companies must conduct ongoing privacy impact assessments, improve the way they seek permission to use the data, carefully document how they use personal data, and promptly convey data breaches to all affected parties. As a regulation, the GDPR is legally binding. In other words, companies do not have the option to ignore it. In fact, failing to comply could result in fines of up to €20 million or 4 percent of a company’s global revenue.
Compliance Has Gone Mainstream
Compliance was once the business of compliance officers crafting legalese, trainers who delivered the sleep-inducing content, and employees who had to endure punishing legalese turned death-by-PowerPoint sessions. But with the widespread implementation of sexual harassment training, and now GDPR, compliance has gone mainstream. And, because of all the emerging issues requiring compliance over the past decade, it has mushroomed into a thriving industry. In response, compliance and marketing professionals have upped their games and crafted messages that engage consumers.
Brand-Based GDPR Messages
Companies have interacted with customers around the GDPR in unique and creative ways that align with their brands. Marketers have been challenged to find ways to appeal to customers and gather consent to use their data in an effort to continue the business relationship. Some companies have capitalized on customers’ fears of missing out (FOMO) with a don’t-get-left-behind message. Once they’ve outlined what the customers will miss out on, they present opt-in messages to entice them. Below are examples of the different tones that firms have taken to reach out to customers.
When contacting their customers, these three organizations opted for a lighthearted and playful tone. National Express (a UK-based bus company) used this email subject line: “Neil, don’t let this be goodbye.” Wahaca, a UK-based, street-style Mexican restaurant chain, asked users if they could “taco bout your data and your emails.” Wagamama, a UK-based Asian restaurant chain, requested that customers not “say toodles to noodles.”
A supermarket went with a more straightforward approach with a time-sensitive message:
Time’s running out – stay in the know! As data protection law changes on Friday, 25 May, we’re emailing again to make sure you don’t miss out.
A clothing company appealed to customers’ desire to be part of an exclusive group with this message:
Made in England. Monogrammed exclusively for you. Opt in to our emails to gain exclusive access and you could be one of the lucky few.
A travel company went for an FOMO angle:
You know the score by now. You’ve had a hundred ‘let’s stay together’ emails from brands talking about data, privacy and GDPR (as dull as it sounds, trust us).
It’s time to tell it to you straight: if you don’t click on the opt-in button below and tell us how you’d like us to contact you in future, then it’s a stone, cold ‘see ya’ from 25 May and you’ll miss out on good stuff like this…
Here are some others – short, sweet, and to the point:
• Don’t miss out on Glastonbury newsletters! Action required.
• Update your Opt-In for NBA communications!
• Do you still want to hear from us?
Is this a turning point for how firms communicate with their customers and contacts? In a word, yes. Companies now need consumers to opt in, not just opt out, of regular communication. Failure to opt out of marketing is no longer valid consent. Opt-ins where the opt-in checkbox iss prechecked are also not valid.
Companies can no longer collect personal data without adequate consent. This serves to encourage transparency and safeguard the rights of EU consumers. Brands that carefully comply with the regulations of the GDPR are likely to benefit from a more trusting and open relationship with their customers and contacts. Some view it as an opportunity to boost their brand; the clarity and integrity around data will strengthen their image and convey to customers a culture of transparency and honesty.
For more information contact firstname.lastname@example.org
By Jim Bachert (Director, Compliance Learning, Interactive Services)