Are you prepared for GDPR?
Disclaimer: The information in this blog is provided for general informational purposes only. No information contained within should be construed as legal advice from Verticurl, nor is it intended to be a substitute for legal counsel on the subject matter.
Data acquisition and management practices may forever be analyzed as pre-and-post May 28, 2018, the date being when GDPR comes into effect.
GDPR provides the user control over how and why their data gets stored, analyzed and used. Given that “data is the new oil”, we at Verticurl believe GDPR will help the user get more control about how they get marketed to. Also, as practitioners of data-driven marketing, we consider that data is the cornerstone of any marketing activity, so the more deliberate and structured an organization is about data acquisition and management practices, the better its marketing outcomes will be.
As an agency, we would also like to help our clients, and the marketing industry, get better prepared for GDPR and hence we are releasing a series of 3 blogs to help them plan to become compliant with these upcoming regulations. The blogs will cover:
- Who gets impacted by GDPR (covered in this article)
- What is the impact of GDPR
- How do you become GDPR compliant?
Who gets impacted by GDPR?
Since GDPR is an EU specific rule, there is an assumption that only EU marketers need to be GDPR compliant, and the global teams might need to help the EU teams get their processes and systems aligned with these laws. This is a WRONG assumption. GDPR is a law that covers all EU nationals and since a marketing activity run by any region could touch an EU national, all regions need to be aware of it and ensure that their systems and practices are GDPR compliant.
Here are some scenarios where a marketing campaign run by North America or Asia-Pacific marketers can touch EU nationals:
-
Events
a lot of events are global in nature and attract people from all over the world. It’s also possible that you invited contacts only from your region, but you get some walk-in visitors who are from the EU. These contacts are still covered under the GDPR guidelines, so any data acquisition or post-event marketing activity needs to be GDPR compliant.
-
Website traffic
there could be an EU national who is visiting your region and the IP redirecting rules on your website direct the contact to the country-specific website. This person is still covered under GDPR rules, and hence cookie policy or form submission data need to be GDPR compliant for this contact.
-
Email forward
you might be sending a campaign to contacts within your region, but they can forward that email to their colleagues/friends who are in the EU. When these contacts click on the link and reach a form, these forms need to be GDPR compliant.
These are just some of the scenarios where a campaign run in NA or APAC touches an EU national and hence needs to be GDPR compliant. Also, as an organization, it is better for you to play safe and implement the rules globally and not just in EU, as the fines (20 million €, or 4% of your global turnover whichever is higher) could be significant and can also impact your reputation with your customers.
In summary, GDPR is a regulation that every marketer should be aware of and might be worth implementing globally.
Coming up next in this blog series: our take on the impact of GDPR and how to get GDPR compliant.
Please send a request on enquiry form to receive our Whitepaper on GDPR to get more details on this topic. Also, please feel free to contact us if you would want us to help you get GDPR compliant.
