ProCampaign® enables you to manage, enhance and protect your customer profiles and deliver consistent, orchestrated and cross-channel experiences.
Facts About the General Data Protection Regulation
Everything you need to know about GDPR.
What to Expect From GDPR?
Long conjured up, a profound change has been knocking on the marketer's door when the European General Data Protection Regulation entered into force on 25 May. It applies globally to all companies processing personal data of EU citizens, wherever they do so. For example, GDPR applies to US companies processing data from EU citizens in the US.
As the name suggests, the General Data Protection Regulation is a "General Regulation". At this stage, it merely lays down the basis and is subsequently supplemented by additional regulations and laws that apply in a wide variety of areas. Only these extensions regulate much in detail and additional regulations follow. We are therefore at the beginning of a process in which new data protection and data security requirements are being actively pursued. This applies to marketing as well as all other corporate divisions.
What Changes With GDPR?
With the entry into force of the new EU GDPR in May 2018 the legal requirements in the area of data protection and data security have increased. Many of the required measures and regulations had already been anchored in the Federal Data Protection Act (Bundesdatenschutzgesetz) in Germany. However, they are now becoming more detailed, while at the same time the control options, powers and tasks of data protection authorities and data protection officers are expanding.
Changes occur for example at:
- Definition "personal data"
- Information obligations
- Affected rights
What Does This Mean For Dialogue Marketing?
In dialogue marketing, the legal situation regarding the permission to process personal data is relevant: GDPR gives consumers whose data are collected, stored and processed more rights.
Specifically, the requirements are becoming more stringent:
- the consent
- the reporting and disclosure obligations
- the right for portability
- the right for deletion ("right to be forgotten")
- and the reporting obligations.
For dialogue marketing, this also means that personal data must be stored more transparently and affected persons must be informed comprehensively about the use of their data. Upon request, all or part of the data must be deleted or transferred unbureaucratically at any time.
If the legal requirements are met, it is mandatory to appoint a data protection officer who monitors all data processing processes and checks compliance with the rules.
In addition, the principles of "Privacy by Design" and "Privacy by Default" apply according to the regulation. The former means that state-of-the-art data protection measures are already incorporated into the conceptual development of products and processes, while "Privacy by Default" means, for example, that default settings for devices or online platforms should have the highest data protection level as standard.
Consequences of GDPR
The stricter regulations of GDPR and the other laws that depend on it entail risks, both for companies that process personal data and for their service providers, including:
- Management liability
- Fines of up to 4% of worldwide sales or 20 million Euro
- Reputation loss for companies - which in practice is often even worse than a fine
- Industry experts expect a wave of warnings, fines and precedents
But: Data protection carries not only risks, but also strategic opportunities to improve the relationship of trust with your customers and to use the opportunity for brand management and brand building.
Because: Data protection is brand protection!
How Important Are Certifications?
- Certifications show that companies protect their brands
- Certifications strengthen customer trust and thus brand loyalty
- Certifications require clearly defined control and regulation mechanisms
- Certifications as a seal of quality
Which Certifications Can Marketers Trust?
As required by Article 42 and Article 43 of GDPR, in future all data protection seals of approval must have undergone uniform European accreditation and certification procedures. This is already the case with ISO certifications such as ISO 27001, which serves as the basis for data protection certification. The European Privacy Seal (EuroPriSe), in which a panel of experts is working intensively on accreditation, represents a very good and mature certification. It contains a GDPR criteria catalogue and is based on the requirements of ISO 27001. EuroPriSe is already mentioned in some EU documents as an example of a possible standard. With this certificate, companies are extremely well positioned both on the technical side and in the less technical areas such as procedures, processes and documentation.
What Should You Do Now to Deal Professionally With the Challenges?
- Form a team and structures to master the challenges.
- Check your data, processes, systems, procedures, documentation.
- Check your service providers for "valuable" certifications.
- Use products/services that are certified.
- Look for trustworthy, competent, certified partners.
- Consider data protection already at the beginning of a provider selection.
ProCampaign proves again that a privacy-compliant use of CRM systems is possibleStefan Meissner, Head of the EuroPriSe Certification