If you haven’t heard about GDPR, then it’s time to take a good hard look.
In April 2016, the European Union passed a broad and powerful law that goes into force in May 2018. The reverberations will be felt around the world, and your business may be seriously affected. The law is called General Data Protection Regulation (GDPR), and it protects the personal information of any and all Europeans online.
Don’t go thinking that just because it’s a European regulation means it won’t matter to you and your company. This law has far-reaching and very expensive implications for any company anywhere in the world that gets any information about European citizens. Have an AdWords account? All it takes is one Belgian visitor to your website, and now you need to worry about GDPR.
Understanding what the GDPR does, why it does it, and what is changing will be of crucial importance to you and your business. Sales and marketing teams will probably be the people most interested in what GDPR-compliance will change, but it’s not just them who should be concerned. GDPR-compliance could mean that many systems and processes for collecting, storing and processing information about customers and potential customers could get your company fined.
Treat customer information like their personal property – because it is now
All of the GDPR essentially builds to one purpose: make information about a person that person’s private property. You know the saying, “if you’re not paying for the product, you are the product”? The GDPR basically says that if that’s true, then people should have the right to license that product and control that license.
You can’t just make a copy of your Lord of the Rings DVD and then sell the copy – because the license for the intellectual property belongs to New Line Cinema. Similarly, the GDPR will prevent companies from duplicating, selling or distributing personal information about European citizens without explicit consent.
Understand that “personal information” is a big umbrella
Personal information is much broader than “personally identifiable information”, which some companies working in medical, educational or military fields may recognize. Personal information is any piece of data that could be used to identify a person, from a name to an email address or an IP address. And the GDPR makes processing that data without a person’s consent — for a purpose that the person is not aware of — illegal. So using algorithms to exploit information about potential customers without their knowledge is not allowed if the data you use includes things like:
- Phone number
- IP Addresses
- Economic status
- Cultural identity
- Social identity
See how the bottom part of that list begins to matter a lot to sales teams and marketing teams? If you try to collect that information, or process that information to generate leads or ads, you must first obtain explicit consent. And even if you don’t do business directly in Europe or with Europeans, you must be sure that you don’t accidentally come into contact with information about Europeans.
Come up with ways to get consent
Per the GDPR, all companies must ask for permission, and the customer must opt-in, to the collection of personal information. This change will have two big results. First, your entire company will need to shift focus to privacy protection and risk management. From top to bottom, every team member must understand the commitment to safeguarding customer information. Centralized access controls will need to be put in place, and all employees will need to be trained in enforcing privacy preferences.
Second, sales and marketing teams will now be taking the responsibility of developing intimate relationships with the customer. The customer will need to have a foundation of trust with the company before they give permission for their information to be processed by AI and algorithms. Also once the customer grants that permission, they need to see immediate evidence that it was to their benefit to do so.
Keep using first-party — stop using third-party
Not only will sales and marketing teams need to create meaningful relationships with customers and potential customers, but they’ll probably be doing it in with much less information. Because any information that your company collects directly is yours to do with what you will.
What is no longer legal under the GDPR is using personal information collected by another website or company. The license for a customer’s personal information does not allow a company to sell or transfer that information to anyone else; also, the license for personal information is indefinite, but it is not infinite. The GDPR will require companies to answer a request from any customer about what their data is being used for, and delete it on request.
Don’t be afraid, but be prepared
The GDPR is very, very complicated. It’s a huge change in the way that information is treated online. GDPR doesn’t spell the end of sales and marketing online, but it will change them. Your entire company may need to change what it does with customer information, sales statistics, production metrics and more to stay compliant.
If your company deals with any information about European customers – online or offline – you must be prepared with an excellent customer relationship manager (CRM) and data management tool to ensure that you know what your company is doing with the personal information of your customers.
The GDPR is going to be a burden. But it’s also an opportunity to build intimate customer relationships, and learn more about the clients you serve. Rather than assume information about a client or potential customer based on third-party browsing information and black-box AI predictions, now you’ll need to learn about them, and demonstrate your willingness to offer them the product they’re actually looking for.
GDPR all but guarantees that sales and marketing teams will become even more valuable to market-facing companies than they are today, and have greater and more complex responsibilities, while all the rest of the company will also need to become oriented on compliance and privacy assurance.