Digital Marketing and the GDPR: Canada, this Affects You Too!

Monday Post - Spodek & Co - April 23 2018You can’t swing a cat in the digital marketing world these days without hearing about data security and privacy issues. The Facebook/Cambridge Analytica debacle really opened people’s eyes to just how vulnerable their online personal information really is. And for the European Union (EU), the timing couldn’t have been better.

What is the General Data Protection Regulation

The General Data Protection Regulation (GDPU) is the European Union’s efforts to tighten the screws around how corporations gather and use online data. Coming into effect on May 25th of this year, it updates laws passed in the ’90s – laws that feel quaintly archaic today. In a nutshell it addresses the myriad privacy and data concerns that have evolved from the explosion of digital and mobile usage.

How Will It Affect Canadian Digital Marketing?

The GDPR will have a global impact on businesses of all stripes who deal in data, and includes analytics, measurement, and market research. In effect, if your organization in any way gathers, processes or controls personal digital data, you should ensure you’re prepared.

First, ask yourself a few questions:

  • Is your company primarily data driven? Do you sell goods or services to, or monitor the behaviour of, individuals in the EU (think cookies, IP addresses, etc.)
  • Does your website see a substantial number of visitors from the EU?
  • Do you have employees who work in the EU, even virtually?
  • Are parts of your business in Europe?
  • And if you use outside vendors, are they (or even THEIR vendors!) in the EU?
  • If you’ve answered yes to any of the above, you might want to become familiar with the new GDPR regulations.

Getting Started: How to Keep Your Digital Marketing Efforts GDPR Compliant

Don’t panic if you haven’t done a massive internal audit or hired a Data Protection Officer before the May 25th, 2018 deadline. Canada already has fairly comprehensive data protection policies in place, both federally and provincially in some cases. If you’ve been on track and following our privacy rules and regulations already you should be in pretty good shape.

That said, here are a few steps you should take to help you get in front of the upcoming GDPR:

  • Determine whether the new European Union regulations will have an impact on your company (see the questions above).
  • If yes, get yourself and your staff educated on the finer points of the GDPR.
  • Determine if and where any holes exist in your organization when it comes to how you currently handle overseas digital data.
  • Fill the holes. You might want to even do an internal audit on any data that originates in the EU. Are there changes you can make to eliminate any fears of falling afoul of the GDPR? For example, could you make off shore data anonymous? Stop tracking website visits on EU webpages (if applicable)? Even stop serving targeted advertising to individuals in the EU?
  • Finally, put clear and concise guidelines and processes into place, and have employees understand the importance of sticking to them. That includes everyone from the C-suite to your newest intern. Don’t forget to also make this information part of any on-boarding packages or HR policies you have, so new hires can quickly get up to speed.

Why the GDPR is an Opportunity Not a Hindrance

Whether your business is boot-strapping it, or you’re one of a chain of Big Box stores, the General Data Protection Regulations aren’t to be scoffed at. And while the whole exercise might feel like just extra work at the moment, the GDPR might actually be the best thing to happen in the digital space in awhile.

Consumers and customers alike are fed up with feeling duped by companies they thought they could trust. And these fierce regulations are forcing everyone to start towing the line when it comes to data protection.

Show them they can trust those of us in the digital and social space again, by educating staff on best-practices, and keeping your data gathering and storage practices as ethical and above-board as possible.

What do you think? Have you taken steps to make sure your systems will pass muster? Are you paying more attention these days to the ethics around data gathering? Please leave a comment below.

P.S. The GDPR is A LOT to unpack – way too much for a short blog post. So, we wanted to leave you with a list of some in-depth articles, a library of sorts, to help decode and dissect the GDPR, and the impact it will have on digital marketing. Get in touch if you want to discuss how Spodek & Co. can help.

The GDPR Checklist
GDPR Compliance: Everything Communicators Need to Know
All About the GDPR: Staying Compliant in a New Era of Data Privacy
Google’s GDPR Approach Raises Publisher Concerns
With GDPR Restrictions on Using Consumer Data, Marketers Will Need to Start Mining Moments

Line drawn peony from Spodek & Co Digital marketing site