“The right to be forgotten” isn’t just another way to describe ghosting, a practice popular in dating and social circles where uninterested parties disappear without a trace. The right to be forgotten gives individuals the right to have personal data removed or erased from company servers storing their data. The right to be forgotten is one of the fundamental rights protected by the General Data Protection Regulation (GDPR). The intent is to give Europeans more control over how their data is collected and used.
All companies that collect and manage personal data from European residents must comply with the regulations to avoid massive fines for violations. The motivation for marketers to get their data under control is significant because companies charged with violating the GDPR face a potential fine of €20 million or 4% of global revenues.
The rules for GDPR compliance are pretty straightforward and are also, incidentally, good rules for people who don’t want their dating behaviour to turn stalker-ish. Never contact someone unless you have their permission. Don’t presume that potential contacts want to hear from you. The common thread here is the issue of consent.
The rules for consent in the GDPR era have dramatically shifted. Marketing professionals must make sure they’re upholding the rules of consent as outlined by the GDPR. Consent can no longer be assumed as it was in the past; you must receive clear permission from the data source, and the person must “opt in.” When consent is received, it must be documented and recorded. You must also allow for the withdrawal of consent and document that as well.
In the past, your company might have used implicit consent in its marketing campaigns, but now you must obtain explicit consent from individuals to collect their data, and you must state clearly how you will process or hold that data. For consent to be valid under GDPR, a customer must actively confirm their consent.
Best Practices for Marketing Professionals
Here are five marketing best practices you should consider including in your GDPR-compliance initiative:
1. Strengthen your opt-in process so users actively and voluntarily consent to receive your messages. Replace pre-ticked boxes indicating agreement during the subscription process with unticked boxes that users must tick themselves to agree to receive email communications.
2. Keep a “do not email or text” list of any individuals or organizations that object or opt out, and screen any new marketing lists against it. Don’t send unsolicited marketing emails to people who have said they do not want to receive marketing communications.
3. A data subject’s right to object to direct marketing should be explicitly brought to their attention and presented clearly and separately from any other information.
4. Keep records of consent, documenting who consented, why they consented, and how they consented. Work with your IT department to determine how you’ll keep these records. One solution is to have a single platform, like a CRM system, that hosts the consent record of every user.
5. If you use a marketing agency, you must confirm that they have practices in place to ensure adherence to the GDPR. If a marketing agency you work with breaches the GDPR, you could be held liable and, even if you aren’t, your company’s reputation could be damaged.
You may be thinking the GDPR is just another set of yawner compliance requirements that will hinder your creativity and your ability to connect with customers. But there are ways to turn this into an opportunity. How, exactly? Instead of a simple yes or no option when asking customers about data, provide them with a number of options to identify their interests. Through consent, you can gain insight into each customer’s interests to provide them with information they want to receive. You can also craft a brand message that pulls your customers in and engages them in a new way. What are some examples of creative approaches companies have used in communicating their brand message and gaining customer consent?
EasyJet, an airline company, presents its privacy promise in the form of a pre-flight safety briefing, and customers are assured their data will only be shared for safety purposes, or to deliver a service purchased from EasyJet or its partners. EasyJet’s approach is engaging and transparent.
Missguided, a women’s clothing company, notified its subscribers by asking, “WTF is GDPR?” The email is humorous and informative and features a top-five countdown of reasons to stay subscribed to Missguided’s email newsletter.
GDPR affords you the opportunity to ensure that your customers’ personal data is protected and handled in accordance with their wishes using your signature branding message. If done well, your customers won’t summon the right to be forgotten. Just the opposite: they will want to be remembered and not left behind.
For more information contact email@example.com
By Neil Cullen (Director, Compliance Learning, Interactive Services)