What is GDPR? A perspective for online and multi-channel businesses

For multi-channel and online-only retailers, big data has offered a huge opportunity. The opportunity to better shape conversion funnels, fine-tune marketing messages and personalise communication. But existing practices are about to get shaken up as incoming legislation. The General Data Protection Regulation (widely known as GDPR), sets out to better regulate how firms go about reaching out to both existing and prospective customers.GDPR will be implemented across all EU member states and enforceable from 25 May 2018, following a two-year transition period. If you’re not sure how it’s going to affect your business or don’t know if you’re ready, you’re not alone. Last month a survey revealed that just a fifth of UK businesses felt confident in their abilities to meet GDPR. But what is it? And how can you prepare your marketing and customer acquisition strategies to be compliant?

GDPR essentially aims to unify and strengthen data protection for individuals across the EU. Businesses that fail to comply risk substantial fines. For example, failure to notify the Information Commissioners Office (ICO) of a breach can result in a  fine of up to 10 million Euro or 2 percent of global turnover! The legislation will affect all firms that hold personal information on their customers, covering the vast majority of businesses in the digital age.

For online businesses, it represents a need to overhaul how they forge relationships with customers. The nature of e-commerce means that all businesses in the sector will frequently handle customer data, including when using it to communicate.

With this in mind, there are some core parts of GDPR that you need to be aware of now:

Updating your privacy statements

Updated wording will be required for your privacy statement. You have to really clear on what information you collect, who you share it with and for what purposes. For a detailed list of information required to be shared click here. Given the abundance of third-party apps and services that many eCommerce businesses use, it's really important to be clear on what information is shared with these services and why, as well as their own data protection and security policies. This gets particularly interesting when dealing with third parties located outside the EU!

You need to obtain consent

To process and use personal data, you will need to gain consent. That means if you have a marketing campaign in mind where you reach out through your database, you’ll need to ensure that individuals have given you permission to contact them for marketing purposes. The good news is that there is no time limit on consent. The ICO states that the context of consent will determine how long consent is given for. What's clear from the new legislation is that the philosophy around clear communication. So the clearer and more transparent you are to consumers about what they're consenting to, the better.

Assessing legacy data and soft-opt in

Historical data that you use now across multiple aspects of your business, from email marketing to analysing the customer journey, will all need to be re-evaluated under the incoming regulations. There are different legal bases for processing data under GDPR, Consent and Legitimate Interests being two of them. For example, you may need to obtain explicit consent from people whose email addresses you've collected at events, who have never bought from you. This will be based on the wording they agreed to at the time of signing up. Whereas existing customers who've soft opted-in when making a purchase can continue to be marketed to, as long as you were explicit at the point of purchase about your intentions. You also need to give them the chance to opt-out at any time through your campaigns.

Right to access and Right to erasure

Getting a handle on all of your customer data, knowing where it all resides and how to quickly access it will be vital. Especially when it comes to consumers right to access the data an organisation holds on them. Having a quick way to provide this will save companies hours of time. It's something we're making sure all our client have as part of our service to them.

GDPR further supports the individual’s right to be forgotten. Your communication methods and website must have a clear way for customers and leads to ask to be removed from your database and you must comply with the request.

GDPR might present some challenges when it comes to consumer data but equally, these new regulations could present an opportunity for eCommerce businesses. The incoming changes offer a chance to streamline your current process, build an engaged database of contacts and think creatively about how you can add value to your customers. For example, we believe that any company using MailChimp for their email marketing will be able to enjoy cost-savings associated with smaller-sized lists of engaged subscribers without a loss in revenue opportunities. Basically, getting rid of subscribers that never open your emails. It's important to get rid of these people because of their detrimental impact on inbox deliverability.

Please contact us if you have any questions about how GDPR might impact your business, whether you're based in the EU or even if your online customer base includes EU citizens.