The race is on for businesses across the globe to become compliant with the European Union’s General Data Protection Regulation (GDPR) before the May 25, 2018 deadline. With the countdown in the double digits, business and marketing decision makers must act now to avoid hefty fines. For companies outside of the EU, it is even more critical to examine current practices and become compliant: the regulation applies to any business that communicates with or sells to EU residents, regardless of business location.
Working closely with digital marketers, I’ve seen confusion around this topic with those in North America. Forrester recently discovered that only 33% of North American companies are currently GDPR compliant. In fact, we recently found that the large majority of email marketers are still unfamiliar with the upcoming mandate. This recent data and my observations point toward one thing: Marketers need to accelerate their GDPR compliance efforts now before they face noncompliance and hefty fines.
More than just data security: Why should marketers care?
Many marketers are leaving GDPR efforts to their information security counterparts. But the GDPR is more than a data security matter. It requires the entire company to change how it markets, recruits and stores consumer data. In fact, this regulation is as important for marketers as it is for security pros.
The marketing department is one of the most impacted departments at any company due to the amount of consumer information and data that we as marketers use in our programs. The GDPR protects anything that is considered personally identifiable information. Marketers especially have this consumer data, like email addresses, phone numbers, birthdays and social media handles, integrated into their systems — increasing their risk.
Because of this, we must make sure marketing programs are at the forefront of all GDPR compliance efforts. Marketers must adapt their programs and the way they communicate with EU residents, in particular being mindful of targets and data collection efforts.
Lessons from the past: What can marketers learn from CAN-SPAM?
The last major legal milestone that impacted marketers was the CAN-SPAM Act signed into law by President Bush in 2003. This act has since changed the way we as marketers utilize the web, specifically email, just as the GDPR will moving forward.
The intent of the CAN-SPAM Act was to eliminate the overwhelming amount of spam and irrelevant emails consumers in the U.S. were receiving. The act can be broken down into three overarching categories that mandate how email marketers can communicate with subscribers: unsubscribe compliance, content compliance and behavioral compliance.
Marketers were required to eliminate jargon and use concise language in subject lines, so that consumers were no longer deceived into opening irrelevant and malicious emails. Email marketers were also required to offer opt-out mechanisms to remove a subscriber’s email from systems within 10 business days. While the law was met with skepticism, it was a step toward regulating marketing and offering consumers some relief when opening their inboxes.
The GDPR takes the CAN-SPAM Act one step further for Europeans. First, the GDPR addresses permission-based sending, which was absent from the CAN-SPAM Act. While the U.S. law required marketers to remove subscribers from unwanted lists, the GDPR requires companies to receive explicit and unsolicited permission to even email EU citizens. Additionally, marketers must permanently remove or anonymize all personal information upon request, taking opting out one step further.
The GDPR is also moving one step closer to full transparency with consumers by reiterating the need for clear and non-deceptive language. As a marketer, it can be easy to get carried away with unique subject lines and body text to capture attention and drive your desired narrative. But in the end, it’s important to use simple and clear language with subscribers. This is not only key to the CAN-SPAM Act; it is also an important part of the GDPR. Simplicity can offer greater transparency for subscribers and help create a consistent cadence with consumers, to the point where subscribers will learn to expect emails in their inbox from you.