Now we’ve reached the phase of putting GDPR into action. From what I can see, the main consequence so far is an increased workload for marketers as they work to understand the policies their businesses have decided on. Usually, there are more questions than answers.
From the practical:
“Do we really need to have their ‘consent’ every time we process a prospect’s data? What if I want to send printed dinner invitations to 30 key new business contacts?”
“If we’re not using ‘consent’, what do I need to do to follow the ‘legitimate interests’ rules? Do we need an assessment for every campaign? How do we inform people that we are using their data?”
To the esoteric:
“If I market to someone without their ‘consent’, am I a bad person?”
“If we don’t believe that marketing is a ‘legitimate interest’, is that like saying we don’t believe marketing is essential to growing the business?”
To help frame the debate, we interviewed Duncan Smith, founder of iCompli Limited. The resulting four videos cover some key questions we’re hearing as marketing teams come to grips with the impact of their organisations’ GDPR policies.
Processing using “consent” versus “legitimate interests”
First, I wanted to share a couple of personal observations on this.
If you do not have the ability to process data under “legitimate interests” for your B2B marketing (without “consent”), then I believe in most cases that this will set your marketing effectiveness back a decade.
At the same time, I believe that building an audience who have opted in to your communications is a good thing. But this “consent” doesn’t have to be the only basis for processing data – if your targeting and segmentation are up to scratch. Gathering consent from everyone who could truly benefit from your proposition is likely to mean a disproportionate effort.
The guidance from the UK’s ICO is pretty black and white: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/when-can-we-rely-on-legitimate-interests/