Time flies when you’re clambering to comply with new data and privacy regulations. Since coming into effect in 2018, the General Data Protection Regulation (GDPR) has changed the way businesses operating in the EU handle personal data. Yet our recent State of Marketing Report reveals that, two years on, 51% of businesses still feel they are underperforming when it comes to compliance.

Today, the goal for data-driven marketers isn’t just to meet the GDPR regulations, but to exceed customers’ expectations and gain their trust. And as if that wasn’t enough, it is important to navigate through the uncertainties of COVID-19 with self-confidence. It’s a balancing act, and that’s why successful brands must take a more strategic approach when it comes to gathering and using customer data. And it seems to be working: 79% of customers will willingly exchange data for relevant and tailored content. Find out more about how AI can help scale personalisation.

So what’s the best way to do this and stay on the right side of the regulations?


Why businesses should care about GDPR

A lot has happened in the last two years, so it’s worth refreshing your memory. Since its implementation, the GDPR has standardised digital privacy legislation across the EU into a central set of rules that protects users in all member states. As it applies to any company that stores or processes information for EU residents, it is a worldwide regulation. 

This means companies operating in the EU must build automatic privacy settings into all their digital products and websites.

The three key areas of GDPR that marketers need to know about are:

* Data permission - managing consent and email opt-ins. According to the Data Protection Act, subscribers must express their consent in a freely given, specific, informed, and unambiguous way, followed by a clear affirmative action.

* Data focus - justifying the process of how businesses collect personal data, and only collecting data for the specified, legitimate purpose. 

* Data access - ensuring users have easy access to their data, including the ability to correct or remove it.


The cost of GDPR compliance failure

GDPR isn’t optional, and slip-ups are costly. It is legally binding in all EU member states, and companies must comply with the digital privacy regulation or face a hefty fine of up to €20 million or 4% of their global turnover. 

Supermarket chain Morrisons was fined £150,000 when they emailed customers who previously opted out of receiving marketing emails. And British Airways’ data breach resulted in a weighty £183 million fine.

GDPR compliance is crucial, and these examples are stern warnings for businesses to get it right.


Top 5 GDPR compliance tips marketers can use now

Marketers can help protect their customers’ data, secure their organisation and avoid non-compliance fines by:


1. Reviewing the way you collect personal data

From contact forms to login pages - and all the other processes that collect data - consent must be explicit. Businesses must only ask for relevant information and provide simple opt-out options. Also consider providing more tailored, multi-channel and relevant content choices like industry newsletters and sales offers, which give useful, approved information.


2. Auditing and simplifying your customer databases

A 2018 study by W8 data showed that up to 75% of marketing databases have become obsolete since the implementation of the new regulation, and only 25% of existing customer data meets the GDPR requirements.

This illustrates just how important regular mailing list audits are. Those who have not opted in to receive marketing emails should be removed from mailing lists to avoid future headaches and hefty fines. While no marketer likes to see their email list shrink, removing unengaged subscribers improves list quality.


3. Educating marketing and sales employees about compliance

Building data protection awareness and creating internal policies and practices is key to staying on top of things. Empower your team with the information they need to flawlessly evaluate and act on customers’ data requests. Additionally, include mandatory training on data protection practices in your onboarding processes for new employees. 


4. Reviewing and updating your privacy statement

People have a right to see what data you have about them. Companies must clearly show how data is used, stored and processed. It’s important that you review your privacy statement to ensure GDPR compliance, and use easy-to-understand terminology that lets customers know what they’re signing up to. When customers or website visitors file a complaint against your company, the financial repercussions could be fatal and the trust of prospective clients irreversibly damaged. 


5. Leveraging CRM systems to store data safely

Storing customer data on Google Docs and Excel spreadsheets no longer cuts it when it comes to compliance. Not only are they not encrypted and vulnerable to cyber attacks, but they can also be easily copied, which could lead to a data breach. Centralising personal data collection in a CRM system makes it easy for users to access their data, review how it’s being used, and make necessary changes at any time. Built-in end-to-end encryption coupled with password protection makes CRM storage systems safer than desktop-stored files. Responsive CRMs such as Salesforce’s also help businesses save time managing data.


GDPR opportunities for marketers

The data protection act has forced marketers to rethink how they collect, use and maintain data. But compliance isn’t just about adhering to regulations - it’s about building brand loyalty and cultivating trust with customers. 

Creating relevant content like white papers and guides, tailored to specific target groups, boosts email marketing success by delivering higher click-through and engagement rates. Marketers can also use push notifications to send a message to subscribers at any time, though they still require explicit consent. Push notifications encourage people to easily interact with your brand by clicking on the notification, but do not require personal data. They work via the browser’s own notification delivery service, which generates a subscription ID that doesn’t track any other web activity of the user.


Reap the rewards of the GDPR

Privacy compliance isn’t about preventing businesses from communicating with people. In fact, it’s prompted marketers to dive deep into the needs of prospective and existing customers. The result? Strengthened customer trust. Better business reputation. Enhanced data quality and reduced risk.

The GDPR presents many opportunities for switched-on marketers to create marketing strategies that engage people with your brand. Find out more about marketing trends in the latest Salesforce State of Marketing report.