Not to spoil the ending, but ... no. Privacy laws have certainly shaken things up over the last few years, but don’t start mourning the death of the digital marketing industry just yet.
What’s the GDPR?
Most recently, the General Data Protection Regulation (GDPR) passed in the EU in May. In a nutshell, it puts more of a burden on data collectors — practically anyone with a website — to obtain consent from their users before collecting data.
The GDPR also requires that consent be active, not passive, and made with a “genuine and meaningful choice.” Posting terms of service — which, let’s be honest, no one reads — isn’t good enough anymore.
Technically, the GDPR only applies to internet users in the EU, but given the global nature of the internet these days, companies of all sizes are having to change things up. That’s why you’ve seen so many pop-ups about sites collecting cookies and why you’ve gotten so many emails about sites changing their privacy policies.
What Does This Mean For Marketers?
Well, the short answer is that if you have users in the EU, you can’t use “automated decision-making” to target ads any more. What that refers to is the kind of algorithms that serve ads to users based on cookies, location tracking, and browsing history.
Instead, advertisers are switching to “contextual advertising,” which is based on what a user is currently viewing rather than previous behavior.
It also means that consumers have the right to see what data you’ve collected on them. They can download and take it with them and even ask you to delete it.
Behavioral data in marketing isn’t going away entirely, as it’s still allowed in most of the world, but it’s worth keeping an eye on what might be a building trend in data collection laws.
What Should My Small Business Do?
First things first: do you have customers in the EU? Keep in mind that this doesn’t just apply to citizens — any interaction from an EU computer falls under these laws. If you’re small enough or your business is local enough, then you don’t have to worry! Just make sure to check your analytics software to see where your traffic is coming from.
Understand what kind of data you’re handling. What have you been collecting? Is it simple stuff like name and email? Or is it sensitive information like medical info, banking data, or shipping addresses?
Develop a consent policy. The GDPR dictates that customers opt in to having their data collected, and they have to be making a conscious, informed choice. That means you’ll have to write up something for them to agree to and explain exactly what they’re signing up for when they use your site.
Establish a data protection policy. Put rules in place for how data is stored, which employees are allowed to see it, and what to do if your users’ data gets in the wrong hands. If possible, encrypt your data to better protect your users.
Prepare for data requests. Under the new GDPR rules, consumers have the right to see what data you’ve collected on them, correct inaccurate information, revoke consent, or even demand that you erase all the data you have on them. You’ll need to have software and a policy in place to comply with those requests, if and when they occur.
Make the consent process clear. Customers should be in no doubt that they’re signing up for your mailing list. Giving consent to data collection needs to be separate from your other terms and conditions, and requires a clear “yes” — no pre-checked boxes. And just because they’re on the mailing list doesn’t mean they’ve consented to let you use that data elsewhere.
Bottom line: talk to an expert. These new laws are complicated, and if you’re not a lawyer, you might make mistakes. Not to mention the software, coding, and database management you might need to set up. Penalties for being on the wrong side of the law are steep — 20 million euros or 4% of your annual revenue — so it’s worth the effort to get it right from the beginning.
How Do I Handle My Customers’ Data Ethically?
It’s a tricky question, as all ethics questions are. But even if you haven’t broken the law, a breach of trust with your customers might be just as damaging.
Define the value. Establish what you’re collecting data for, and why that’s good for your customer — not just for you. Articulate what you hope to accomplish with the data, and make all that clear to your customers.
According to one study, 67% of customers left false data when asked by websites. If your customers know that the data they give you will come back to improve their experience, they’re more likely to be honest with you.
Be transparent. Tell your customers exactly what you collect, and why! Do you use their addresses to give them customized deals that are available near them? Do you use their age or gender to change suggested products? Let them know!
And give them the opportunity to participate in the process. If you’re giving them newsletters for products they’re not interested in, give them a way to adjust their preferences. The more honest and open you are, the better.
Choose your partners wisely. If you partner with other sites and services that use your customers’ data — newsletter and checkout services especially — make sure you know exactly what their data policies are too. Tell your customers who else is getting their data, how much of it they’re getting, and what they use it for.
Remember the context. There’s a thin line between helpful and disconcerting, and you should walk it carefully. A “Happy Birthday” email with a one-day-only coupon in it is fun and appreciated — a “Congrats on the new baby” email when the customer didn’t even tell you they were pregnant is not. Your goal with this data is to delight your customers, so keep that in mind whenever you use it.
We know all this seems like a lot, but digital marketing isn’t going anywhere.. You can still give your customers the personalized, helpful experience that they deserve, and they’ll appreciate it just as much — if not more — knowing that you’re treating their information with respect.