GDPR 2018: what obligations for marketers?

The end of the year is fast approaching. Across France and Europe, companies are finalizing their marketing action plans for 2018. All of these strategies, as diverse as they may be, have one thing in common: the GDPR (General Data Protection Regulation). This new legislation is on everyone’s lips! These discussions generally highlight fears that are most often unfounded, even though exchanging contact information can be risky in your work. But what concrete obligations will the entry into force of this regulation impose? The answers are in this article.

GDPR 2018 – What is it again?

Before getting to the heart of the matter and discussing the implications for your marketing teams, we offer you a brief reminder of the main information to know about the GDPR.

What is it? The GDPR, or General Data Protection Regulation, was initiated and designed by the European Parliament with the aim of strengthening individual rights regarding the collection and use of personal data.

When is it? The text was adopted in April 2016 (after more than 4 years of preparation) and will come into force on May 25, 2018 (it is already in force), hence the need to put rigorous marketing action plans in place!

Who is it for? The GDPR concerns the processing of European citizens’ data, but it has extraterritorial application. This means that it will apply to all individuals and companies, regardless of their country of origin, that collect and/or process the data of European internet users. The GDPR also applies to third parties such as subcontractors or hosting companies.

What should you expect in the event of non-compliance with the GDPR? Several levels of fines have been planned by the European Parliament. The highest penalties reach 4% of revenue or 20 million euros.

 

GDPR 2018: what obligations for marketers?

Marketing teams are directly concerned by the GDPR because they collect and use the majority of personal data within the company. They will now have to comply with the following obligations:

  • right of access: provide full access to the data held on a user if they request it
  • right to information: clearly inform the user how their personal data is collected and used
  • right to rectification: modify or erase a user’s personal data if they request it
  • right to data portability: offer internet users the possibility of retrieving their data in a readable and open format so that they can reuse it for personal purposes

Among the other rules that marketers will have to observe, the most important concern the record of processing activities, consent, the use of an existing contact database, and list purchasing.

1 – The record

Contrary to what one might think, the GDPR does not overturn the legal obligations that companies are subject to. This is particularly true in France, where the legislation, and in particular the “Data Protection and Freedoms” law, already provides for constraints similar to those of the GDPR.

What will really change for marketers? Companies will now have to be accountable, which was not always the case before. In concrete terms, they will have to map every personal data processing activity they carry out. This will take the form of a record (an Excel file) in which the following must be recorded:

  • the purposes of the data processing
  • technical and organizational security measures
  • the categories of personal data concerned and sensitive data if necessary
  • data deletion deadlines
  • the location where the data is hosted
  • the recipients of this data (within and outside the EU)
  • proof of consent from the data owners

You can download a record template on the CNIL website.

2 – Consent

In the age of the GDPR, companies must obtain the explicit consent of internet users in order to collect and process their personal data.

Passive opt-in is dead, long live double opt-in! Gone are the days when consent was obtained by default thanks to a pre-checked box at the very bottom of a form (passive opt-in): these practices will no longer be tolerated. Instead, it is recommended to use double opt-in. This method consists of obtaining the internet user’s consent twice before adding them to your marketing lists:

  • the first time when they fill out a form on your website, for example
  • the second time by sending them a confirmation email in which they will have the possibility to reiterate their consent (by clicking on a confirmation link or by entering their email address again, for example)

Double opt-in is the best practice when it comes to consent. Indeed, to comply with the GDPR, companies will have to keep proof of consent and be able to show it upon request from the CNIL or the consumer. Double opt-in will therefore have the advantage of leaving no doubt as to internet users’ intent.

3 – Using an existing contact list

You are now up to speed on the steps to take regarding consent for your future marketing actions. However, you must keep in mind that the GDPR will apply to all of your data, and not only to that collected after the regulation comes into force, on May 25, 2018.

For marketers, this means being able to provide proof of the explicit consent of current contacts. You will need to sort through your contact database and launch opt-in campaigns in order to obtain the consent of these existing contacts!

4 – Buying and exchanging contact lists

From a purely marketing perspective, we advise against using purchased or exchanged lists. The reason is simple: today it is obvious that traditional sales and marketing tactics such as cold-calling or cold-emailing are no longer considered best practices. No one likes receiving a sales call or wondering how a company managed to obtain their personal email address. It damages your brand image.

From a legal standpoint, there are situations where buying and exchanging contact lists are not illegal, but it remains a bad idea given how strict the conditions are for complying with the regulations.

Compliance actions are therefore likely to be numerous and time-consuming for marketing teams. However, you still have several months to prepare for the GDPR coming into force (May 25, 2018), and many resources are available online to help you. For example, the emailing solution Mailjet offers comprehensive guides to prepare for the GDPR. So rest assured, it is not too late to bring yourself into compliance with the GDPR in 2018!

This article was written by our partner Mailjet.
