A year into GDPR, there is much more clarity about how the regulation affects businesses, data and marketing. It is being taken very seriously, thanks to some of the fines levied against well-known organizations and as consumers become more informed. Businesses are more thoughtful about how they collect, use, store and secure data. Real balancing tests are being undertaken, not just tick-box exercises, to ensure accountability and protection of the rights of both businesses and consumers. Companies place more value on consumer opinion because they know that if they get it wrong, consumers will take note. Trust and brand loyalty will suffer, and a fine might result. GDPR means transparency is king.

There is still some confusion in the market because of grey areas of the regulation. GDPR is a principles-based regulation and there are multiple interpretations for some elements. These are slowly coming together as the industry settles on self-imposed good practices. No doubt some of the current, accepted lines will move, and restrictions will change.

A new era of responsible marketing

Importantly GDPR has given rise to the concept of ‘responsible marketing’, meaning that businesses and marketers are using data honestly and transparently to add value for consumers. Companies and brands know they must use new ways to appeal to an increasingly discerning audience and data analysis provides an opportunity to do that.

So how can you ensure your marketing is responsible? There are three key fundamentals to keep in mind: data transparency, data compliance, and data responsibility.

Data transparency

GDPR encourages and enforces responsible data management. Businesses, and marketers should demonstrate transparency in the way they collect and use data and provide easy-to-understand documentation that demonstrates the legal use of data.

Direct marketing is a legitimate-interest activity in certain circumstances. Identify and understand your marketing journeys, analyse whether a legitimate interest for direct marketing is available instead of consent and if it is, record how you met the protection of an individual’s rights and reasonable expectations.

Data compliance

For any marketing activities, you must ensure there is accountability and ownership of both the GDPR and PECR (Privacy and Electronic Communications Regulations) within your organization.

Know your data: understand what you have and why. Make sure you know who, what, where, when and how personal data is or was collected and assess if you can keep using it compliantly under GDPR.

Provide clear, easy to understand language detailing what your lawful basis for processing data is and check your permission messages, including the requirement to inform before the individual gives their consent. The right to revoke consent must also be offered.

Data responsibility

Businesses need to prove they will store information responsibly. Customers also need to be educated on the benefits and value of sharing their personal data.

Using information on lifestyle characteristics, attitudes, buying behaviour and communication preferences, businesses can build on the unique relationship they have with each customer, but customers need to be aware that this is what their data will be used for. Businesses can then identify and nurture the most receptive customers to ensure a profitable long-term relationship and build brand loyalty.

GDPR provides businesses and marketers with a great way to demonstrate transparency and build more trusted, profitable relationships with both new and existing customers. Thanks to GDPR, customer data is now stored and used transparently, compliantly and responsibly by the majority of businesses, ensuring better marketing practices all round. That’s a win-win for everyone.

Andy Bridges is Data Quality and Governance Manager at REaD Group.

Compliance GDPR