The General Data Protection Regulation (GDPR) initiative will change the way the world collects consumer data.
People will hold more power over how their data is collected, stored and used, and companies will have to be more transparent about how they manage client data.
As a result of this change, we expect a huge upsurge in the demand for inbound marketing strategies.
Consumers will be given far more control over their personal data when GDPR comes into play, and organisations that fail to comply will be charged £17.2m (€20m) or 4% of their annual turnover.
Unfortunately, only 25% of existing customer data meets GDPR requirements, according to an audit conducted by W8 data.
So, how can your business survive without outbound marketing tactics, and how should you approach lead generation after GDPR?
"GDPR applies to everyone - every business in the country needs to understand it - but for most, the implementation shouldn’t actually be that painful"
Many business owners and managers are currently treating GDPR as a burden, but they couldn’t be more wrong. Adopting an inbound marketing strategy could attract valuable leads to you in an ethically compliant and highly effective manner, fuelling business growth.
According to HubSpot, companies are three times more likely to see higher returns using inbound marketing when compared against outbound, and inbound costs per lead are likely to cost up to 62% less than traditional outbound methods.
The UK’s current Data Protection Act was conceived in 1998, the same year Google was founded. Unsurprisingly, this legislation doesn’t deal with many aspects of personal data protection that are relevant to us today.
This isn’t an attack on UK businesses by the European market. The UK Government is actively driving GDPR development and implementation, and the regulations will be applicable to us, Brexit or no Brexit.
After GDPR is in place, companies that buy in data will be held responsible for any breaches – even if they stem from suppliers. Similarly, suppliers can be held responsible for how their data is used by others.
These new regulations will act a nudge for companies to move away from brokering in data and cold calling strangers. Complying will improve your data quality and boost marketing performance.
The UK has one of the biggest digital economies in Europe, so it’s important we share a level playing field with neighbours. GDPR is vital to creating harmonisation throughout the EU in a digital single market.
GDPR is a great incentive for companies to improve performance and push up industry standards. Compliance could soon be a competitive value. It may pay to adopt a customer-first, responsible attitude.
The concept of personal data has been expanded since 1998, and now includes all the ‘platform stuff’ which businesses collect online. Essentially, this gives citizens back control of their data. Fair enough, right?
Contact information is now seen as personal data, even if it’s a work email (though this is a common misconception). Lead generation after GDPR will also require a lawful basis for the collection of data, and must meet specific principles and processing conditions.
As a result of this, companies won’t be able to just buy in a data list and assume that it’s OK. You will have a responsibility to check whether your suppliers are compliant with GDPR. If not, you will also be held responsible for the transgression and could face huge fines.
For instance, HubSpot is taking the necessary measures to comply with GDPR, so Six & Flow can be confident that they are and will remain a trusted partner. Be sure to check your own providers are similarly compliant.
Currently, individuals have three important rights in regards to their personal data. These are the right to object to direct marketing, the right to make a data access request (and see your own collected data, often for a small fee) and the right to object to automated decision making.
After GDPR comes into force, individuals will benefit from two new rights – the right to erasure and the right to data portability.
The right to data portability means that a subject can transfer their personal data between service providers in convenient electronic format. This will make it quicker and easier for individuals to change service providers – good for companies who are winning over plenty of new customers, bad for companies who are relying on loyal customers simply staying put.
The right to erasure (more commonly known as the right to be forgotten) means that a data subject can request that a company deletes any personal data held on them. Subjects can be ‘forgotten’ if the company has no compelling reason, no consent, or no legal basis for holding the personal data in question.
What makes this more complicated? Any ‘forgotten’ data must also be deleted by any third party that now possesses it – so companies need to know where their data has gone and who’s holding it. It may sound obvious, but this is a common and far-reaching problem.
Read more: Marketing after GDPR a guide for marketers
GDPR compliance will impose higher standards on the collection and use of personal data. Companies need to know precisely what data they are collecting, what they plan to do with it, and who they plan to store it. As a result, we will see the death of pre-ticked checkboxes.
Companies will no longer be able to make assumptions about a subject’s consent. Instead, consent will need to be freely given, specific and informed. This means fully explaining and gaining consent for each individual reason for data collection, rather than using an all-in-one ‘I agree to everything’ checkbox.
Companies have always needed consent for direct marketing, but after GDPR they will also need consent for processing (collecting additional data to process, segment or target leads) As a result, brands may have to offer leads the option of receiving standard non-targeted emails, or emails more suited to your tastes as a result of data processing.
Come 25th May, there will be no window of leniency. The ICO are already ramping up enforcement, with Carphone Warehouse recently fined £400,000 over a significant personal data breach.
Start with a Data Protection Impact Assessment (DPIA). This audit will set a baseline for your needs and activities, and help with policy implementation and updates. Once this is done, you will need to maintain compliance. This means conducting quarterly reviews, implementing crisis management processes and most importantly, running staff training. After all, your employees will need to abide by the new regulations.
While this may seem a lot to do, we would still recommend you avoid downloading a set template for your business’s GDPR compliance policies. Getting a custom policy tailored to your unique needs shouldn’t be that much more expensive, and is likely to be a far better fit for your business.
Read more: Our checklist for getting GDPR ready
Last but not least, you’ll probably want to keep in contact with your current leads. To do this, they’ll need to re-opt into your data lists to ensure compliance with GDPR. Our advice? Approach the process of achieving GDPR compliance like speed dating.
You want to talk to leads/dates who actually want to engage with you. Trailing uninterested individuals around the bar in hopes that they’ll eventually talk to you is inefficient, non-compliant and a little bit creepy. If they don’t want to know, it’s time to let them go.
Explain to leads what you’re offering. Show your value. Lay it all on the table, and let them decide if they’re interested. When you ask for their details, make it clear what you plan to use their personal data for. Inviting them on a date – good. Sharing their number with all your friends – bad.
Lastly, only ask for personal data which is relevant to you, and don’t collect data for the sake of it. You’ll probably need your date’s phone number, for example, but not their shoe size.
Following this process, you should end up with a data list of relevant, engaged and available leads who will be happy to hear from you in the future.
Come 25th May, there will be no window of leniency. Sales and marketing after GDPR passes will never be the same. The ICO is already ramping up enforcement, recently fining Carphone Warehouse £400,000 over a significant personal data breach.
So what steps can you take now? Starting with a Data Protection Impact Assessment (DPIA) is vital. This audit will set a baseline for your needs and activities, and help with policy implementation and updates.
Once this is done, you will need to maintain compliance. This means conducting quarterly reviews, implementing crisis management processes and most importantly, running staff training. After all, it’s your employees who will need to know about the new regulations.
While this may seem a lot to do, we would recommend you avoid downloading a set template for your GDPR compliance policies. Getting a custom policy tailored to your business shouldn’t be that much more expensive, and is likely to be a far better fit. This is too important to do a shoddy job!
Last but not least, consider how your business can generate and nurture new leads, and whether an inbound marketing strategy could benefit you.
It's time for many UK businesses to have a spring clean, and we expect a huge upsurge in the demand for inbound marketing strategies as a result.
Download your free guide to marketing after GDPR and attracting inbound leads in an ethical and effective manner.