If you are into inbound marketing, and you serve EU residents, you would know 'GDPR', undoubtedly.
That GDPR is a four letter acronym is purely incidental. Atleast that is what the EU lawmakers would like us to think. Here is the GDPR resource you could reference.
If I have got you worried, I am perhaps in the right direction. But, you still have a month and a little more. Start preparing. GDPR goes into effect from 25th May 2018, and will apply to any company that does business with European Union residents, irrespective of their business location. In effect, GDPR impacts all global businesses.
Over the next few weeks, the Inbound Mantra blog will make an attempt to give more perspective to its contacts and customers on GDPR. Specifically, how all of us will have to make hygiene changes to our inbound marketing operations to stay compliant. Believe me, it will be exciting.
The GDPR Inbound Marketing Impact
GDPR requires businesses to take documented steps to secure all personal data.
Personal data is any information related to a natural person that can directly or indirectly identify that natural person. This personal data could be anything from a name, email id, phone number, photo or even a computer's IP address. Check and mate, pretty much. To comply with GDPR, businesses must limit access to personal data to only authorised employees. Not just that. The job roles of these employees should specifically require access to that data.
What if you don't comply? A fine, of course. This particular post will not go into the details of GDPR. It will only present the highlights that businesses need to be aware.
An absence of a 'Yes' does not mean a 'No'. The 'consent' provision requires that businesses communicate clearly and simply when it comes to collecting personal data of contacts. The communication should be bereft of legalese. Withdrawing consent should also be simple and easy.
Right to access and the Right to be forgotten
What can I say? These provisions are path-breaking.
- Right to access - Companies will have to provide a copy of all personal data in a readable format when requested. Contacts can also question companies how their personal data is being used and for what purposes.
- Right to be forgotten - GDPR gives contacts the right to ask a company to delete their personal data.
- Data Portability - When a contact moves business to another company, they could request transfer of all data.
Be ready to fork out 4% of annual global revenue of your business for non-compliance. How EU lawmakers will implement this, especially for small and medium sized businesses outside the EU?
Consequences for Inbound Marketing
The entire philosophy of Inbound marketing is based on being useful to prospects, leads and customers. An email address is a fundamental requirement to enable inbound marketing. According to the GDPR, email address is personal data.
There will be an impact, for sure. It is the degree of the impact that will count. Will it change the way we do our inbound marketing campaigns?It is time to research more.