The General Data Protection Regulation (GDPR) is appearing on every other post on LinkedIn and social media, so most of you will have already come across it.

In essence, GDPR will be the successor of the EU Data Protection Directive of 1995 and comes into effect on 25th May 2018. It is designed to be relevant to today’s data rich society and environment, ensuring responsible capture, storage and processing of personal data, but it also aims to change the mind-set of organisations to a ‘privacy first’ viewpoint.

Why does it matter?
Organisations holding any personal data about customers or employees will need to be aware of their responsibilities, ensuring the correct policies, procedures and training are in place or they could be faced with repercussions for non-compliance.

It is broader than just marketing's use of data and includes company-wide personal data storage and usage.

What does GDPR mean for marketing and communications professionals?
GDPR buy-in should be from top-down and all inclusive. It is broader than just marketing's use of data and includes company-wide personal data storage and usage. Communications professionals may need to provide support to management to engage and educate all employees dealing with personally identifiable information.  The changes need to be cultural, not just procedural.

Marketing should be acutely aware of the types of communications they send and to whom. Under GDPR, ‘soft opt-in’ is not an option.  All consent needs to be explicit and the 'allowed' list is becoming more controlled and defined.

The positives
The good aspect about GDPR is that it’s an opportunity to build trust through greater transparency. Marketing and communications practitioners can be creative in how the new regulations are communicated with customers and wider audiences.

To every marketers delight, a cleansed and fine-tuned database will improve the ROI through higher click-through, open and engagement rates in email campaigns.

There is no one-step solution, no technical off-the-shelf product, or one certification you can get to make you compliant.  In reality, the regulation is designed to make each business look at how it handles personal data and ensure it is doing so in a transparent, responsible and auditable way.

Avoid GDPR fines and bad PR
There is no one-step solution, no technical off-the-shelf product, or one certification you can get to make you compliant.  In reality, the regulation is designed to make each business look at how it handles personal data and ensure it is doing so in a transparent, responsible and auditable way.

There are also no prescriptive measures to comply with. The Information Commissioner's Office has a very comprehensive guide to the regulations but they are just that - a guide. What this means is that the regulations are broad enough to be open to interpretation, so each business needs to have understood what privacy means to itself, and put the correct processes in place to ensure safe and responsible use of that data.

To be ‘compliant’ will require considerable change for most businesses, but will lead to better customer experiences and more open relationships.  Surely that is only a good thing for your business and definitely better for your customers.

Written by VMA GROUP’s Grahame Winman, Head of IT

VMA GROUP ensures the safe keeping and proper use of all candidates and clients personal data under GDPR and terms of business. To receive a copy of our terms of business please contact: marketing@vmagroup.com.