Why Our Clients Should Care About Privacy Policies in the UK: GDPR an International Model

LinkedIn, Ebay, Twitter, Facebook – they are all posting prompts asking users to spend time reviewing their updated privacy policies. Have you opened their prompts? It’s quite a task to wade through these updates, yet there’s something refreshing about them. They are more understandable, easier to follow than former policies and wonderfully revealing about how these companies would like to use your personal information.

The reason for these changes is the newly enacted General Data Protection Regulation or GDPR, which goes into effect in the UK this week. It promises to force changes in many industries: medicine, advertising, education, and technology, to name a few.

GDPR requires companies to come clean with how they use your information or pay up… pay up to 4% of gross revenues for violations AND a hit to a company’s reputation, stealing more than money from the bottom line.

The new rules govern how companies access your data, how they use it and how they report it.   This opt-in vs. an opt-out model is designed to give consumers power over how their personal information is used, traded, processed and stored.

Ever want to be “online invisible”? To not exist? To “File-13” your personal preferences? Well, this is about as close as one can get to that scenario.

What do GDPR changes look like practically for company’s that are data controllers through marketing? Here are a few examples:

• A company has to prove that email recipients “ok’d” receiving marketing emails.
• An event company has to prove that data about a dinner guest’s food allergies aren’t stored and shared with third parties.
• If you meet someone at a party and get their business card, you can’t just put their name on a mailing list – they haven’t actually given you permission to do so.
• Someone donates money to a non-profit through a third-party who is doing a massive local fundraising campaign. The data collector – the party running the campaign – can’t keep the email information and then start sending the one-off donor information about their organization – not unless it’s requested first.

No more buying and collecting emails and assuming consent or waving off consent by thinking “they can just unsubscribe if they aren’t interested.”

Nope. No more….not in the UK.

So if you don’t do business in the EU, then why should you care?

In my opinion, it’s just a matter of time before GDPR works out its tweaks and heads to the US. Once consumers get a taste of what it means not to have to “opt out” of marketing, but to have the option to “opt in,” well, the tables are turned and full power is back in the consumers’ hand. No more trickery or hidden pre-selected checked boxes that give companies the right to track your every move, choice, non-choice and habit. Consumers will eventually look to do business with the companies most respectful of their privacy here in the US.

We have already been speaking with clients about being early adopters of similar policies.   It’s not just good business sense to look at the value of the GDPR model, but smart businesses will use it as a reason to jumpstart client relationships and rekindle old ones.

The right to be erased…the right to be forgotten….it’s the worst nightmare of companies wanting to essentially force you onto their mailing list, but it’s a dream to organizations that truly respect their audiences and desire to have respectful, long-term interactions.

More to come on how we can help you through the benefits of incorporating GDPR into your marketing strategy. The good news is in the US we have some time and can manage costs and internal integrations so it’s less of a short-term burden and more of a long-term strategy.