What is it?
- The General Data Protection Regulation (GDPR) is a new data protection regulation brought in by the EU that has to be obeyed by any company dealing with EU citizens’ data.
- UK companies will have to abide by GDPR despite Brexit.
- Deadline for compliance is 25 May 2018.
- Companies that are not GDPR compliant by this deadline face a fine of 4% of global revenue or €20 million (whichever is greater).
How it affects you
- One of the main objectives of GDPR is to give control of personal data back to consumers.
- This means that you will have to get explicit, informed consent to use your customers’ data for any marketing or sales campaigns or data analysis (like segmentation or targeting). It covers B2C and B2B campaigns.
- Under GDPR, consent must be given for each and every individual use of data. It will need to be regularly updated.
- Data cannot be held for longer than ‘reasonably necessary’.
- Customers must be able to withdraw consent at any time.
- The ability to not consent, or withdraw consent, to any marketing related data use must be explicitly explained to customers in a separate section to any other information.
- Customers can also request to see what records businesses have on them. You need to make sure customer data is accessible – and in a commonly used electronic format that is downloadable and APIs for transfer to other companies.
- You will need to know exactly where all customer data is stored, and ensure it is stored securely.
- You will need to know exactly where your data has come from (direct from customers, bought from third party etc.) and whether consent was originally obtained.
- Some companies may need to appoint a Data Protection Officer to oversee data protection processes in the company – this person can be in-house or a third party.
How we can help you
- Consultation Workshop – understand the implications of GDPR and what your business can do to get GDPR ready
- Data diagnostic – audit your data to ascertain how it is all held, whether consent has been obtained and what the most appropriate data management solution is to be GDPR ready
- Data management – modify, implement or create a data management platform
- Marketing diagnostic – review and modify your omnichannel marketing campaign to ensure it is ready for GDPR
- Automation – create workflows and other infrastructure that allows consent to be managed and data to be sent seamlessly
- Consent campaign – design and implement a campaign to gain consent from your customers
- Consent/compliance hubs – develop bespoke solutions to allow your customers to manage the marketing messages they receive
Tools to help you maintain GDPR compliance
Double opt in
We have the ability to build sign up and data capture pages via technology such as Adobe Campaign. This will enable trigger emails to be sent asking the email address holder to consent before any further action is taken.
Your solution could be built using the Adobe Campaign WebApp Module or via external forms built by our development team.
We’ve recently implemented a double opt in process for TradePoint for its ‘replacement card project’:
• Customer gets email
• Clicks on banner to order replacement card
• Taken to webpage where their email is populated on screen and button to confirm request
• User clicks confirm button
• Double opt in email is triggered
• Email is opened by customer, clicks button on email to confirm request
• Customer Details of confirmed requests sent to client for processing on a weekly basis
Subject Access Requests and the right to be forgotten
Profusion can respond to any ad hoc request to search or delete customer information on your Adobe instance. We can also provide direct access to the console to allow you to search the data yourself or create a bespoke, user friendly dashboard.