What the GDPR and the 'right to be forgotten' could mean for data-driven marketing and customer analytics

Data-driven marketing privacy policy

With the enforcement of the GDPR (General Data Protection Regulation) looming, many industries are questioning what it will mean for them and their customer analytics practices. This is especially true for data-driven marketing agencies.

Marketers who use the personal data of consumers will have to change their tactics in order to comply with the new regulations, most importantly the ‘right to be forgotten’ or the data erasure act.

What is the ‘right to be forgotten’?

In 2014 a Spaniard named Mario Costeja Gonzalez was trying to move on with his life after some financial difficulties and scandal in 1998. He had put a property of his up for auction to solve his problems, the details of which were covered in a newspaper that went online. This caused the search engines to bring up these old stories whenever anyone searched for his name, which was, in turn, damaging his reputation. He argued that Google should remove this obsolete information from their results in order for this damage to his reputation to stop.

The Luxembourg-based Court of Justice of the European Union agreed with him and ruled that Google remove this information, setting a precedent over what is referred to as the ‘right to be forgotten’. The EU believed that it was the right of Gonzalez for that information to be confined to history or at least a ‘history’ that only a very dedicated researcher could find.

This new precedent means that old, inaccurate or simply irrelevant data about you can be removed from search results should you ask for this to happen. It could also mean that you have the right to request that Facebook and other social media platforms remove any unpleasant photographs or information from their platforms … including those cringeworthy high school photos you posted years ago.

What does the GDPR mean for data-driven marketing?

In recent years, data has become the lifeblood of online marketing, such as content personalization, targeted advertising, and social media campaigns. Using data for customer engagement has proved to significantly increase sales and provide customers with a positive experience. However, the GDPR and the new ‘right to be forgotten’ ruling may stand to change this dramatically.

Personal data can only be used for the purpose it was collected

If you have collected personal data from consumers, according to the GDPR guidelines, you are not allowed to use it for anything else or provide or sell this information to other parties. Sharing personal data with third parties is only possible once you have explicit consent from the consumer whose data it is.

What this can mean for data-driven marketing or digital marketers is that you are unable to share data with advertisers or with an app builder that may be working for your clients, unless the consumer explicitly agrees to this. While many marketing agencies have in-house developers for such things, those who outsource their work may find themselves in murky waters with the GDPR officials.

You’ll need to get on board, fast

Resistance to the GDPR and the right to be forgotten is futile. This means that you’ll need to get on board with the rules and regulations, fast and ahead of time. You’ll be able to leverage its value to you if you start making changes sooner rather than later.

The GDPR and its implications on customer analytics mean that you’ll need to carefully examine your current processes and systems. You may be surprised to find that compliance leads to better work practices and better clarity. The new data regulations are going to be enforced on the 25th of May  2018, which means that all data-driven marketers will need to become compliant well ahead of time in order to make a dent in their customer analytics changes.

Explicit consent from all users

If you need to request personal data from a consumer, you’ll need to have explicit consent to do so. While this is more applicable to the GDPR, it ties into the ‘right to be forgotten’ in that consumers can request you to delete all of their data if they have not given consent.

Consumers can say no to your request for their data, which can make data gathering all the more difficult. However, once you have their consent you’ll be able to use this data for marketing purposes. Consumers are able to request that you ‘forget’ this information, however, if they feel it has become irrelevant or if they are uncomfortable with the way in which you are going to use it. You will have to comply almost immediately to any requests from clients to erase their data, otherwise, they could take legal action.

Getting support can help

Some content management tools are ahead-of-the-curve and offer sophisticated tools to help you become GDPR compliant. These tools include mapped data flows, multiple consent management, consented-only personalization and activity tracking and customizable consent forms.

For data-driven marketing, getting support can help you to prepare for the ‘right to be forgotten’ regulation of the GDPR. These tools will allow you to respond quickly to the looming changes that will soon need to be implemented and can streamline your customer data management system. You’ll need to be very careful of who you choose as third-party help and what their data collection methods and policies are. Clickatell is currently working with leading legal experts to ensure that we are compliant with all regulations. While the GDPR is but one branch of the information security industry, it most certainly is an important one to understand.