GDPR: how to make your webmarketing strategy comply?
The GDPR is one of the hottest topics of autumn 2018, and for good reason: it will disrupt many organizations and affect every department (web, marketing and IT alike), because all of them process user data.
#CONCRETELY, WHAT IS THE GDPR?
The GDPR (General Data Protection Regulation) is the new European regulation on the protection of personal data, which will apply throughout the European Union on May 25, 2018. It aims to protect European citizens when their personal data is used by companies, organizations and any other entity that collects information on users who are citizens of the European Union. It will standardize the rules across all member countries of the European Union.
To give a concrete example, the GDPR applies equally to a town hall that lets its residents register for online services, a company that lets its customers buy from its e-commerce store, or an association that offers a portal to its members.
In summary, whenever you collect, use or exploit the data of Internet users, you must comply with the law and respect every point of it, under penalty of fines of up to 4% of your annual turnover or 20 million euros …
#WHAT IS THE IMPACT OF GDPR ON A WEBMARKETING STRATEGY?
WEBMARKETING AND COLLECTION OF USER DATA:
Any webmarketing strategy involves collecting data on your audience. This data must be fully under control and must follow the rules set out below.
AUDIT THE USER DATA COLLECTED WITHIN YOUR ORGANIZATION
It is important to define precisely, with a 360° view, all the information collected by your company or organization:
- identify all pages containing an entry or registration form filled in by the user (newsletter, account creation, service request, contact us, etc.)
- for each page, list the fields and types of information collected: e-mail address, password, surname, first name, postal address, etc.
- at the same time, check whether each data collection point complies with the laws in force and with the GDPR (obtain the prior consent of the Internet user, with a checkbox, before subscribing them to a newsletter; specify the procedure for deleting information related to the opening of an account; etc.)
We advise you to create an official internal document that includes all of the above information, so that in the event of an inspection you can prove that your organization is willing to comply with the GDPR.
AUDIT EXTERNAL SOFTWARE SOLUTIONS AND PLATFORMS USED
After collection, the next step is using the data. Most companies and organizations rely on external software solutions, such as SaaS, to exploit their users' data. GDPR compliance also requires that these external software solutions be GDPR compliant. Put simply, you are responsible for the choice of solutions as well, and you must make sure that they too comply with the law, since you provide them with user information.
As an example, here is a list of solutions that will have an impact on your compliance with the GDPR:
- CRM solution
- emailing / SMS routing platform
- billing software
- competition game platform
- HRIS software
- analytical solution
- online payment solution
- advertising platform
The important thing is to list all the solutions used within your organization and to record them in an internal document, which will ensure that you control all information flows. Most important of all is to contact these providers and ask them for evidence that they have implemented a policy that respects the GDPR.
In concrete terms, you will need to prove in writing that you regularly check that these data “subcontractors” are compliant and respect the regulation in force. This way, you will be able to guarantee that the complete chain conforms to the GDPR.
SUMMARY: WEBMARKETING CHECKLIST FOR GDPR COMPLIANCE
To summarize this article, here are the main tips we can give you:
- List all data that existed within the company before the GDPR, and check whether it was obtained in a way that conforms to the GDPR (if it was not, you will need either to give up using this data or to ask the users concerned for their consent again)
- List the user data collection points on your digital media (forms available on your websites, mobile applications, social networks, etc.), noting the types of data retrieved (e-mail, IP address, postal code …)
- Audit external webmarketing solutions and obtain certification from them regarding their compliance with the GDPR, and do so on a regular basis
- Choose a staff member internally who will be named “Delegate for the protection of the data”
The GDPR will disrupt many structures and organizations, and it is more than necessary to prepare for it.