Two Words Will Get You Through GDPR -- Informed Consent

It's yet another acronym for digital marketers to grapple with, but the main point they must take home about the new General Data Protection Regulation (GDPR) can be summed up in two words -- informed consent.

OK -- so the other huge takeaway is that fines for breaches are set to rocket (in two years) to up to 4% of global revenue. That's bound to turn a few heads  -- as is, I hear from experts, a change in tone in the UK. In the past the Information Commissioner's Office (ICO) has been widely seen as a helping hand that would rather guide a transgressor back to the path of better protection policies. My sources in the industry now tell me that these days are coming to an end and the regulator -- as any other within the EU -- will be forced to fine companies that suffer data breaches.

So while the fines are grabbing the headlines, I've been talking with people within the digital marketing arena and it strikes them, and me, that the big news is those two aforementioned words -- informed consent.

The data regulations we've been working to across the EU have generally relied on consent -- but as we all know when we hit "agree," we usually don't know what we have signed up to. Under both the spirit and letter of the new Regulation, informed consent really does mean exactly what it says. Consumers have to not only know that you are storing their data they have to be told what you are doing to be doing with it and they have to be able to agree or disagree with that use.

A crucial point here is that you cannot withdraw a service from somebody because they exercise their choice to not permit a certain use of their data. Obviously some data is required for a service to work, such as an email and postal address to, say, let a person know goods are on their way to that physical location. However, if that person doesn't want you to come up with shopping suggestions based on their behaviour, you can't punish them by withdrawing a delivery service or offering a second tier service, ie no next day delivery unless you consent to stipulation x.

So we're going to see a lot of people being asked again to click privacy policies in the same way that we have all become accustomed to accept cookies -- with no alternative offered -- on most Web sites. However, the wording will have to be clearer, and the experts are telling me they expect the really savvy companies will turn this re-permissioning experience into something more positive. We can expect to see lots of shopper and loyalty clubs offering "VIP" treatment that links what they do in a physical location to what messages they receive online and also comes up with suggestions from the brand on what else may complement their purchases or items in their shopping basket.

Obviously, the headlines are going to go on fines for security breaches that could hit 20m Euros or 4% of global turnover, but that's probably more one for the CIO to sweat on. 

Next story loading loading..