Ever since coming into effect in May 2018, GDPR has been evolving.
GDPR is not a new revelation, it is standard for everyone and has become a key area of business. If you’re marketing to businesses or consumers, and at any point you’re processing personal data, GDPR is going to factor in, so check out the following tips to make sure your marketing strategy is always compliant and secure.
Whilst the rules surrounding GDPR are more prevalent and crucial to your business than ever before, the guidance on compliance is also clear and concise; it can be found here. At the core of a GDPR compliant marketing strategy is an emphasis that users must actively opt in to having their data processed. This means that factoring consent into marketing activities is crucial.
There are a standard set of rules when capturing consent:
- Consent information must be easily accessible. Users should be able to easily find a section that is asking for consent to process their personal data.
- Consent capture should be intelligible and easily accessible. Users should be able to understand and easily locate the information regarding how their data will be used. They shouldn’t have to search through links or large volumes of information in order to find the information that will help them decide whether they want to give consent.
- Language used should be clear and not complex or difficult to understand.
- Users should be informed that they can remove their consent at any point. Any processing carried out until that point won’t be considered unlawful, as long as it was done in a GDPR compliant way.
To have a watertight GDPR compliant marketing strategy, it’s important that everyone on the marketing team (and generally throughout your business) really understands the rules around GDPR. There must be a lawful basis for processing the information during marketing practices and making sure your team understands the different bases can really inform your strategy.
For example, there will be certain times during your marketing activities when it may be impractical to obtain consent from a user before collecting their personal data for marketing purposes. In that case, it’s important to understand alternative bases for processing, such as ‘legitimate interests’ for example. Legitimate interests allow a company to process data if there is a legitimate reason for doing so and doing so is not outweighed by the rights of your users.
This strategy is slightly more risky as it puts the pressure on you to prioritise the user’s best interests in developing certain elements of your marketing strategy. Having a solid understanding of the lawful bases and how your data processing fits into that will help inform your marketing activities and ensure your strategy is compliant and secure.
Here are a few of the processes you can put in place to ensure data compliance in your marketing strategy:
- Use privacy notices to let users know who is collecting their information as well as why and what it will be used for. Also let them know in your privacy notices whether the data will be shared with other organisations and why.
- Let users know in your first communications with them that they can object to data processing at any point from the outset.
- Make sure you’re getting clear opt-ins and consent from individuals for your marketing activities. Opt in should be explicit.
- Ensure that you have the proper processes in place in the case that a user chooses to opt out of marketing messages etc. so that they won’t be contacted in the future.
- Is your data being stored securely? Look into making your IT systems as secure as possible. Have systems in place for authorising those to have access to data and to ensure that data is transferred securely.
- Don’t keep data longer than you need it. Make sure to review it regularly and erase where necessary.
- Make sure you’re using data from a trusted supplier. With data that has been bought, be sure to verify how the data was collected and permissions were acquired.
Lead generation is all about maximising performance and minimising risk, and at Lead 365 that is our primary focus. Ultimately maximising performance comes down to the right combination and utilisation of tools such as quality technology, management, analytics and optimisation. Having secure and transparent GDPR practices that will ensure a compliant marketing strategy is a key part of lead generation and is where businesses have power to mitigate the risk.
Do you need help cultivating your marketing strategy and lead generation?
Get in touch today for more information!