The General Data Protection Regulation (GDPR) initiative has changed the way the world collects consumer data.
People hold more power than ever over how their data is collected, stored and used. As a result, companies must be more transparent about how they manage client data.
Thanks to GDPR, we're witnessing a huge upsurge in demand for inbound marketing strategies.
Consumers have far more control over their personal data now GDPR has come into play, and organisations that fail to comply will be charged £17.2m (€20m) or 4% of their annual turnover.
Unfortunately, many traditional marketing strategies fail to meet GDPR requirements, and organisations are under pressure to improve. So, how can your business survive without outbound marketing tactics, and how should you approach lead generation after GDPR?
"GDPR applies to everyone - every business in the country needs to understand it - but for most, the implementation shouldn’t actually be that painful"
Many business owners and managers are currently treating GDPR as a burden, but they couldn’t be more wrong. Adopting an inbound marketing strategy could attract valuable leads to you in an ethically compliant and highly effective manner, fuelling business growth.
According to HubSpot, companies are three times more likely to see higher returns using inbound marketing when compared against outbound, and inbound costs per lead are likely to cost up to 62% less than traditional outbound methods.
The UK’s current Data Protection Act was conceived in 1998, the same year Google was founded. Unsurprisingly, this legislation doesn’t deal with many aspects of personal data protection that are relevant to us today.
This isn’t an attack on UK businesses by the European market. The UK Government is actively driving GDPR development and implementation, and the regulations will be applicable to us, Brexit or no Brexit.
Now that GDPR is in place, companies that buy in data will be held responsible for any breaches – even if they stem from suppliers. Similarly, suppliers can be held responsible for how their data is used by others.
These new regulations act a push for companies to move away from brokering in data and cold calling strangers. Complying will improve your data quality and boost marketing performance.
The UK has one of the biggest digital economies in Europe, so it’s important we share a level playing field with neighbours. GDPR is vital to creating harmonisation throughout the EU in a digital single market.
GDPR is a great incentive for companies to improve performance and push up industry standards. Compliance is now a competitive value, and it may pay to adopt a customer-first, responsible attitude.
The concept of personal data has been expanded since 1998, and now includes all the ‘platform stuff’ which businesses collect online. Essentially, this gives citizens back control of their data. Fair enough, right?
Contact information is now seen as personal data, even if it’s a work email (though this is a common misconception). Lead generation after GDPR will also require a lawful basis for the collection of data, and must meet specific principles and processing conditions.
As a result of this, companies won’t be able to just buy in a data list and assume that it’s OK. You will have a responsibility to check whether your suppliers are compliant with GDPR. If not, you will also be held responsible for the transgression and could face huge fines.
For instance, HubSpot is taking the necessary measures to comply with GDPR, so Six & Flow can be confident that they are and will remain a trusted partner. Be sure to check your own providers are similarly compliant.
Historically, individuals had three important rights in regards to their personal data. These were the right to object to direct marketing, the right to make a data access request (and see your own collected data, often for a small fee) and the right to object to automated decision making.
Now that GDPR has come into force, individuals benefit from two new rights – the right to erasure and the right to data portability.
The right to data portability means a subject can transfer their personal data between service providers in convenient electronic format. This makes it quicker and easier for individuals to change service providers – good for companies who are winning over plenty of new customers, bad for companies who are relying on loyal customers simply staying put.
The right to erasure (more commonly known as the right to be forgotten) means that a data subject can request that a company deletes any personal data held on them. Subjects can be ‘forgotten’ if the company has no compelling reason, no consent, or no legal basis for holding the personal data in question.
What makes this more complicated? Any ‘forgotten’ data must also be deleted by any third party that now possesses it – so companies need to know where their data has gone and who’s holding it. It may sound obvious, but this is a common and far-reaching problem.
GDPR compliance imposes higher standards on the collection and use of personal data. Companies need to know precisely what data they are collecting, what they plan to do with it, and who they plan to store it. As a result, we are seeing the death of pre-ticked checkboxes.
Companies can no longer make assumptions about a subject’s consent. Instead, consent needs to be freely given, specific and informed. This means fully explaining and gaining consent for each individual reason for data collection, rather than using an all-in-one ‘I agree to everything’ checkbox.
Companies have always needed consent for direct marketing, but after GDPR they will also need consent for processing (collecting additional data to process, segment or target leads) As a result, brands may now offer leads the option of receiving standard non-targeted emails, or emails more suited to your tastes as a result of data processing.
GDPR is now in force, and there will be no window of leniency. The ICO is already ramping up enforcement, with Carphone Warehouse recently fined £400,000 over a significant personal data breach.
Start with a Data Protection Impact Assessment (DPIA). This audit will set a baseline for your needs and activities, and help with policy implementation and updates. Once this is done, you will need to maintain compliance. This means conducting quarterly reviews, implementing crisis management processes and most importantly, running staff training. After all, your employees will need to abide by the new regulations.
While this may seem a lot to do, we would still recommend you avoid downloading a set template for your business’s GDPR compliance policies. Getting a custom policy tailored to your unique needs shouldn’t be that much more expensive, and is likely to be a far better fit for your business.
Last but not least, you’ll probably want to keep in contact with your current leads. To do this, they’ll need to re-opt into your data lists to ensure compliance with GDPR. Our advice? Approach the process of achieving GDPR compliance like speed dating.
You want to talk to leads/dates who actually want to engage with you. Trailing uninterested individuals around the bar in hopes that they’ll eventually talk to you is inefficient, non-compliant and a little bit creepy. If they don’t want to know, it’s time to let them go.
Explain to leads what you’re offering. Show your value. Lay it all on the table, and let them decide if they’re interested. When you ask for their details, make it clear what you plan to use their personal data for. Inviting them on a date – good. Sharing their number with all your friends – bad.
Lastly, only ask for personal data which is relevant to you, and don’t collect data for the sake of it. You’ll probably need your date’s phone number, for example, but not their shoe size.
Following this process, you should end up with a data list of relevant, engaged and available leads who will be happy to hear from you in the future.
Last but not least, consider how your business can generate and nurture new leads, and whether an inbound marketing strategy could benefit you.
It's time for many UK businesses to have a spring clean, and we expect a huge upsurge in the demand for inbound marketing strategies as a result.
Download our free guide to marketing after GDPR and discover how you can attract, engage and convert leads in an ethical and effective manner.