What Does GDPR Mean for Education Marketers in the U.S.?

GDPR…is that a four letter acronym that makes you cringe?  The General Data Protection Regulation is in play in the EU as of May 2018, but I’m here to help you understand how it could possibly impact your marketing plans in the future if it’s mandated here in the U.S.  California is already implementing their own regulations, so make sure you are ready.

As I’m sure you know by now, the GDPR is the new data protection regulation within Europe. Why was this a big deal?  The previous legislation in place was quite outdated (by 20 years!) and let’s all agree that within the last two decades, we’ve seen huge advances in technology. The way we all use technology and social media has completely changed the landscape, and this new regulation catches up with the world as it is today.

I recently attended a session at the DMA &Then conference that outlined in great detail how marketers should be adjusting their marketing strategy to comply with GDPR EU regulations.  Ryan Edge, Privacy Engineer at One Trust provided a great overview that I want to share.  It was a very detailed presentation, so I’m going to share the nuggets that you might be most interested in.

In a nutshell, it’s all about the customer’s data privacy.  As marketers, data is KEY to our strategy and drives our campaigns. So, how do we tackle consent and preference management?  Customers providing their consent to use their personal information (name, email, phone, etc.) for use in marketing promotions is tricky business.  There are six legal bases you should start to think about for processing your customers’ personal data:

  • Consent must not be bundled:  When providing a prospect or customer with terms and conditions for some kind of relationship, the inclusion of their personal data and each communication method must be consented separately, with separate opt-ins. If a prospective customer opts-in to receiving all your direct marketing by mail, phone, and email, each piece must have it’s own consent form or method of approval.  To reiterate, separate the opt-ins are a must: “I consent to receive direct marketing by mail” with detailed terms and conditions, “I consent to receive email communications” with detailed terms and conditions…etc.
  • Active opt-ins only: Pre-ticked opt-in boxes are invalid. Active opt-ins are required.  No more pre-checked boxes!  The opt-in needs to be initiated by the end-user so they are aware they are opting in to receive communications from your organization.
  • Granular:  A customer must have the option to consent separately to different types of processes.
  • Informed:  Provide sufficient information to your prospect or customer so they may make an informed decision about consent, opt-ins, and your different communication methods.  Example:  A business card is dropped into a prize drawing at a trade-show and then that name is later used for other marketing campaigns.  Now, we know what’s going to happen after we drop that card in…we’ll be sold to!  But, what makes this invalid with relation to GDPR?  This method is not specific and not informed because the consent was only given for the prize drawing only.  The customer must be informed and opt-in to further marketing communications.
  • No Imbalance of power:  Once you have a prospect’s information, you can’t simply ask for their consent to share that information with third-party partners with one tick box. Now, you must name each party you would like to share their personal information with, allowing the prospect to consent separately to each one.
  • Easy to withdraw:  Tell your prospect or customer about their right to withdraw their personal information from your records and communication channels at any time, and how to do it.  With all consent, it must be clear at all times how the customer has this right, and can withdraw from any and all communications when they please.

Like I mentioned above, all these requirements with regards to processing data are currently only enforced in the EU, but it’s recommended that we start to prepare here in the U.S. for any changes coming our way.  California has already started being vocal about data privacy and legislation to come.  Being a marketer, I’d start to think what you should do to begin preparing to protect your customers privacy (if you’re not already!).

Here at MDR, we fully understand the need to protect personal data, as we ensure this practice in every moment of our relationship with prospects and clients alike.  We continually stress the importance of keeping data clean, up to date, and accurate.  Now, you should incorporate added security.  Think about it, if your customers know how vigilant you are about protecting their personal data, don’t you think that will positively impact your relationship with them, gaining their trust even more?  Make it clear that you are always taking into account their personal data security, conveying how much you care about them, and making your brand more valuable.  Put you customers’ privacy first and it will pay you back in the future.