Unless you live in a cave, you probably already know that the General Data Protection Regulation (GDPR) goes into effect on May 25, 2018.
There is even talk of an RGPD "revolution" as this new European legislation will have a significant impact on the way personal data of EU citizens is managed or processed.
The goal is essentially to cut off the flow of Europe's "new oil" (the nickname given to data) to the huge U.S. pipelines that are GAFAMs and other "data brokers"made in the U.S.
But it is also arguable that the EU is aiming to protect consumer rights somewhat in the face of trade abuses observed in recent years.
In reality, the problem posed by the shameful (because unexplained) exploitation of personal data for Marketing purposes had already found a solution: Inbound Marketing.
Easy to say that, you might say, when you're precisely running an Inbound Marketing agency!
So here are some facts that show why Inbound Marketing is inherently "compliant with GDPR".
Respecting the prospect in Inbound Marketing
Here are the questions your customers/prospects are now entitled to ask you!
"Are you sure I'm interested in what you're sending?"
The GDPR is intended to limit unwanted commercial solicitation.
Consent is therefore at the heart of any collection of personal information.
It must be "freely, specifically, knowledgeably and unambiguously manifested", and requires data controllers to use clear and simple legal terms that are "clearly distinguishable" from other matters.
In other words, no more long lists of unreadable terms and conditions unless you have a Ph.D. in law and a good two hours to spare - at least in theory.
The GDPR summarized visually by the JDN, for whom Inbound Marketing becomes the ultimate answer?
Infinal, the GDPR requires that the data subject give his or her consent by "a statement or clear affirmative act".
This implies that any consent must be obtained by positive indication, and not inferred from silence, pre-checked boxes or inactivity.
Or, the first principle of Inbound Marketing is permission, as it follows on from Permission Marketing, theorized by Seth Godin in 1999.
The first principle of Inbound Marketing is permission.
This means, in practical terms, that the Inbound Marketer is not just looking to get contact information, but more importantly to get "good" information, from someone who shows a genuine interest in a company's products and services.
Where Outbound Marketing operates (schematically) on the principle of quantity with a low conversion rate, Inbound prefers to capitalize on a smaller number of prospects, but better qualified and above all, in a real buying process.
"Can you forget me? Yes, definitely!"
New rights for individuals are emerging via the GDPR, or rather, rights that have always existed but have been systematically flouted by years of "borderline" (not to say clearly fraudulent) practices are being brought to light.
Among these is the famous "right to be forgotten" or " right to erasure ", which will be included in Article 17 of the regulation.
The "right to be forgotten" allows deleting all the data about a prospect who wants it
This guarantees that any person affected by personal data processing can benefit from the right to digital forgetting on legitimate grounds, i.e., if there is no reason to justify the processing.
The lack of express consent, discussed above, clearly constitutes good cause.
If your customer databases were either purchased or built by assembling multiple Excel files, this can be problematic because you won't know how to trace exactly all of the data and metadata you have generated.
Your CRM data alone is not enough, you have to be able to delete EVERYTHING to stop prospecting someone who wants to.
The advantage of Inbound Marketing, especially when practiced through a powerful tool like Hubspot, is that it makes the entire customer AND prospect database accessible to all stakeholders.
By centralizing all data, a deletion request or an access request (see below), is done with just a few mouse clicks on the platform.
"Do you really need to know who I'm voting for?"
The collection of sensitive data (third parties and employees) such as ethnic origins, sexual orientation, religious or philosophical beliefs, political and trade union opinions, genetic, health and biometric data, criminal offenses and convictions, etc. is strictly prohibited.
Companies may, however, request a specific authorization from the CNIL if the activity justifies it (a dating site for example).
In Inbound Marketing, the only information requested is used to "qualify" the lead, i.e., to assess their degree of interest in the product or service.
"What exactly do you know about me?"
The GDPR enforces the right of access to data to any data subject, this right allows:
- to access all the information that concerns the user,
- to obtain a copy of this data,
- to demand that the data be rectified, completed, updated or deleted (right to be forgotten).
Thus, the digital sovereignty of every citizen of the European Union is guaranteed and strengthened by the new regulation.
The collection of sensitive data is now much more regulated.
The data collected in Inbound Marketing is all centralized on a database used only to stay in touch with the lead.
The transparency is complete, the portability guaranteed and the deletion of data is by simple request.
What procedure for getting clear
Appointing a data protection officer
The data protection officer (or Data Protection Officer) is responsible for overseeing compliance initiatives (Article 24).
Data Protection Officers will also oversee the processor's relationship with vendors who process and host personal data, assess the security practices of those vendors and inform those vendors of requests made by data subjects.
Guarantee data protection by design
The notion of "privacy by design" is a foundation of the RGPD, but also of Inbound Marketing: to attract a prospect we produce quality content that will interest them.
Inbound Marketing is based on trust and transparency.Aggressive Marketing methods that may be problematic under the GDPR (clickbait, retargeting, etc.) are not part of the Inbound Marketer's tools.
Drafting contracts and documents related to confidentiality
Controllers and processors will need to review their privacy notices and statements and any other internal data policies to verify their compliance with the GDPR and comply as appropriate.
It will also be necessary for controllers to ensure that contracts signed with their processors are upgraded to take into account the new mandatory provisions set forth in Article 28 of the Regulation. The same is true for subcontractors, who must be prepared to demonstrate compliance with the regulation.
We have established at The Super Agency an internal data management policy. We are committed to deleting data from prospects who have not interacted with our content for more than 24 months.
The best strategy is still common sense (and therefore Inbound Marketing)
For someone who is not an experienced lawyer, I would just have this advice for making good data protection decisions: "would I agree to something like this for myself?"
The need for greater control over personal data expressed by European citizens is forcing many companies to change their (sometimes questionable) customer acquisition methods.
In this context, Inbound Marketing is the lead generation strategy that is most compliant with regulations and expectations of Internet users.
By putting the prospect at the heart of its approach and respecting and protecting their information, Inbound is a step towards GDPR compliance.
It's time for you to get started with Inbound Marketing and show your prospects the respect you owe them!
Shall we discuss it?