GDPR: A Marketer’s Guide to protecting your customers – and your company

The GDPR has been in place since 2018, and yet the number of violations are on the rise. This article is for marketers to understand what they need to know about the GDPR and how they can ensure compliance, while still creating the most relevant, personalised communication possible.

If you’re based in Europe and work in marketing – or use the internet at all – then you have been affected by the EU’s General Data Protection Regulation. The GDPR has been enforced since 2018, and yet there have already been over €1.28 billion in fines. And, it seems like the fines are increasing in frequency: according to Finbold, the total number of GDPR violations has increased by over 113% from July 2020 to July 2021 – and the fines have also surged by 124.92%. 

It goes without saying that you do NOT want your company to end up with a massive fine.

So, how can you, as a marketer, do your part to ensure that your company is GDPR compliant – while also doing your job and sending personalised communications that boost conversions?

This article is a collection of the best practices for compliance as developed over the last three years, paired with information on how to enact these practices within the Agillic platform. Please note: this article is by no means comprehensive and should not be substituted for legal advice. Please read the full GDPR here, and seek legal guidance to ensure compliance.

How does the GDPR affect marketers

To comply with the GDPR, you need to know how it will impact your work – so let’s go over the basics. 

Under the GDPR, you can only process data when doing so is legal, fair and when it is transparent how and why the data is being used. Legally speaking, you may only collect the minimum amount of data necessary to accomplish your business goals. That data must be accurate, confidential, and securely stored, and data collectors must be able to demonstrate GDPR compliance at any time.

As a marketer, your work is most impacted by the GDPR as it pertains to consent, data access and data scope.

Consent: As a marketer, there are only two circumstances in which you are allowed to process data under the GDPR: if you have clear, recorded consent to process the data, or if you have “legitimate interest” to process someone’s personal data (like being able to invoice a customer).

To collect data and send communications to an individual, you must have “freely given, specific, informed and unambiguous” consent. When gathering consent, you must make the request in clear language and separate it from other information. Keep the permission documented, and know that it can be removed at any time.

The only relevant exception for marketers is the case of “legitimate interest”. What constitutes a legitimate interest is ambiguous – it can include marketing materials, such as transactional emails or even upselling messages such as abandoned basket emails – but caution is advised when collecting data or sending communication under legitimate interest. For a comprehensive exploration of what “legitimate interest” means, please read this article.

Data Access: Data subjects have the right to be informed on the usage of their data and to access, correct, restrict processing of or remove their data from its usage. They also have the right to data portability, the right to object to its usage, and rights related to automated decision making and profiling. They can exercise these rights at any time, and you have to be ready to demonstrate what data you have on them, where you are storing it, how you are using it and why.

Data Scope: You are legally only allowed to collect the minimum required data necessary to achieve the outlined goal. If there is another, less intrusive way to reach your goal, then data collection is not warranted and therefore not legal. You must be able to demonstrate and justify what data is being collected and held, and why. This means that you will need to gain consent to collect different data for different uses. For example, you would need separate consent to communicate via email, SMS and to track a user on your website. You would also need separate consent to send product-related content and to send company-related content. Personal data can only be employed for the specific purpose for which it was collected; consent will need to be obtained before it is used for any other purpose.

Legally speaking, you may only store data for the shortest possible time, given the reasons why your organisation needs to process the data. You should establish a timeframe in which to review or delete the data stored, and ascertain that it is up-to-date and accurate.

Best Practices for GDPR

Despite the restrictions it puts on your ability to collect and use data, the GDPR essentially pushes marketers to do better work. The law only allows marketers to contact people who want to be contacted, for the topics that they are interested in. Ultimately, it forces you to send out more relevant communications to a more receptive audience. Read on below to learn how you can market effectively while complying with the GDPR.

Keep your recipient database clean and organized

Ensure that you have obtained opt-in permissions for ALL of your contacts. Should contacts choose to revoke this consent and opt-out, be sure they are removed across all of your systems. Segmentation is key – since you have to collect permission to contact subscribers for different channels and communication types, make sure that your contacts are clearly separated into the categories for which you have permission to contact them.  

Agillic will automatically block communications to recipients that do not have valid contact information; read here to learn how valid recipients are measured. Read our Knowledge Base articles to learn how to edit and delete recipient data in Agillic.

Align with third parties

If you have third parties that have access to the data you collect, minimise the number of people with access. Ensure that those with access are GDPR compliant and that they are securely storing your data.

Update your privacy policy

Your privacy policy must be written in line with the GDPR regulations. The language must be clear and simple, and the policy must outline how you will use personal data, any third parties who will have access, how long you intend to retain the data, and the contact information of the individual primarily responsible for data management at your organisation. You must also provide an overview of individuals’ rights under the GDPR, and detail how they can access the personal data you have collected or remove consent. Make sure your privacy policy is easily available on your website; best practice is to embed it alongside consent forms or pop-ups, as well as in all email marketing communications.

Align across departments

Make sure your sales team knows who they can and cannot contact and how they are permitted to reach out to leads. Align with your IT team to ensure that all personal data is being encrypted and safely stored. Secure that everyone who handles personal data uses protective methods such as two-factor authentication, is aware of your privacy policy, and that access to personal data is only granted to those who absolutely need it.

Run opt-in campaigns

Utilise other channels, such as social media, website, app etc., to prompt potential customers to subscribe to your contact lists. Offer them a discount, freebie or piece of content in exchange for their permissions, and tell them what they will gain from your communications. Best practice is to run a double opt-in campaign, which ensures that their information is correct and that consent has been freely given; this is how you set up a double opt-in campaign in Agillic.


Once you have a recipient’s consent on one channel, or for one purpose, use it to leverage consent for other channels or categories by running campaigns and illustrating the benefits of receiving these other communications from your organisation. Read about how to manage permissions in Agillic here.

Create strong processes

Make sure that you are ready to demonstrate your compliance with the GDPR. Create a page on your website where customers can request their data information. Designate a team member to check for data information requests, and ensure that the member knows where to retrieve the required information. Read our guide on how to make a GDPR export in Agillic. All requests must be addressed within one month to be GDPR compliant. Make sure that you are prepared with communication materials so you can respond quickly in the event that a data breach does occur. 

 

Take a look at our Knowledge Base articles to understand security settings in Agillic and see our recommended best practice for data sensitivity management

Conclusions

Fundamentally, the GDPR is there to protect customers’ privacy and mitigate risk of harm due to misuse of their personal data. While it does present some challenges, the GDPR makes your marketing stronger by making sure you are sending targeted and personalized messages, only to the people who really want to receive them. Our Product Specialists have compiled an article about how to use the Agillic platform to comply with GDPR; please read the article for more information. 

Take a look at how other businesses are achieving their goals by delivering personalised customer experiences.

Share:

LinkedIn
Twitter
Facebook
Press Release Matas

Matas builds further customer loyalty with Matas Plus, powered by Agillic

October 13, 2021
GDPR-2

GDPR: A Marketer’s Guide to protecting your customers – and your company

September 17, 2021
NGO-v-3

Agillic welcomes its ninth NGO organization, expanding its local and international support to third sector clients

August 30, 2021

Sign up to our newsletter

Agillic newsletter

Inspiration and insights on personalised marketing delivered straight to your inbox

Fill in the form to request a demo

    Want to know more about Agillic?
    Join our inspiration feed.

      Fill in the form to watch the webinar and
      receive the slides in your inbox

        Fill in the form to receive the case in your inbox

          Fill in the form to watch the webinar and
          receive the slides in your inbox

            Fill in the form to watch the webinar and
            receive the slides in your inbox

              Fill in the form to receive the case in your inbox

                Fill in the form to receive the case in your inbox

                  Fill in the form to receive the case in your inbox

                    Fill in the form to receive the case in your inbox

                      Fill in the form to get the case in your inbox

                        Fill in the form to watch the webinar and
                        receive the slides in your inbox

                          Fill in the form to receive the case in your inbox

                            Want to know more about Agillic's Investor relations?
                            Join the newsletter.

                              Fill in the form to receive first chapter of
                              the book "Make It All About Me"

                                Give us your contact information,
                                and we will reach out to you

                                  Fill in the form to receive our 'Buyer's Guide'

                                    Fill in the form to receive
                                    "Channelling your customer"

                                      Fill in the form to watch the webinar and
                                      receive the slides in your inbox

                                        Fill in the form to watch the webinar and
                                        receive the slides in your inbox

                                          Fill in the form to watch the webinar and
                                          receive the slides in your inbox

                                            Fill in the form to receive the link for the video
                                            "Omnichannel Marketing: Is there a Secret Sauce?"

                                              Fill in the form to be able to watch the video

                                                Fill in the form to get access to cases

                                                  Fill in the form to request a demo

                                                    Fill in the form to receive the first chapter of
                                                    the book "Make It All About Me"

                                                      Provide your contact information, and
                                                      we'll send the voucher for your free ticket!

                                                        Fill in the form to receive the link
                                                        for the video "Agillic Summit19 Vibes"

                                                          Fill in the form to receive the link
                                                          for the video "Act on Insight"

                                                            Fill in the form to watch the webinar and
                                                            receive the slides in your inbox

                                                              Fill in the form to watch the webinar and
                                                              receive the slides in your inbox

                                                                Fill in the form to watch the webinar and
                                                                receive the slides in your inbox

                                                                  Fill in the form to watch the webinar and
                                                                  receive the slides in your inbox

                                                                    Fill in the form to watch the webinar and
                                                                    receive the slides in your inbox

                                                                      Fill in the form to watch the webinar and
                                                                      receive the slides in your inbox

                                                                        Fill in the form to watch the webinar and
                                                                        receive the slides in your inbox

                                                                          Fill in the form to watch the webinar and
                                                                          receive the slides in your inbox