If you live in Europe, the odds are that in recent months your inbox has been inundated with emails from pretty much every company you’ve ever had dealings with, asking you whether you’d like to continue to hear from them, or “opt in”. From monthly newsletters to special offers, curated content to advertisements, we as consumers have become accustomed to having our data harvested by companies who then target us with tailored and untailored marketing messages to promote their products and services.
You may have unwittingly forgotten to untick a box when you purchased flights five years ago and have been receiving weekly emails from the airline ever since. Or perhaps in order to log into a café’s WIFI once-upon-a-time you were subsequently asked to subscribe to direct mail from them in exchange for a silky-smooth internet connection. And now, finally, you are being given the chance to right all those wrongs and do away with all those unwanted or unsolicited emails once and for all. You may ask why this is happening and why are you being given the golden opportunity to finally cleanse your life of spam. The answer is GDPR.
What is GDPR?
During the course of the last year, citizens of Europe have been collectively rolling their eyes every time they hear any mention of something called the General Data Protection Regulation, or GDPR, as it has become more affectionately known. Coming into effect next week, the new regulation in EU law addresses data protection and privacy for all individuals in the EU, aiming to give consumers control over their personal data and to simplify the regulatory environment for international business around the continent.
In essence, this means that businesses who directly contact consumers can no longer do so without renewed affirmative consent and recorded approval from the individual before any further data is collected. In addition, consumers can demand that any data held on them can be accessed, amended or completely deleted whenever they like. Any failure to comply with the new regulations could result in hefty fines and crippling penalties for businesses from the Information Commissioner Office (ICO).
Why should publishers care?
While consumers click “unsubscribe” and “opt out” en masse, what are the key implications for businesses? And more specifically, how are publishers likely to be affected by the new legal framework?
First and foremost, and perhaps inevitably, any company which collects consumer data and then uses it to communicate directly with them will see the impact of their direct marketing efforts weakened dramatically. While most publishers operate as B2B entities working through retailers, many have, and still do, conduct direct-to-consumer (B2C) marketing and sales activity. Some publishers, particularly those with recognisable and strong consumer-friendly brand identities, have had great success at building networks and communities around their content and marketing directly to book buyers. And it is these publishers who will need to be most wary of GDPR as it comes into play.
Another thing to consider is that GDPR extends beyond a company’s proprietary systems. If a publisher is using a third-party ecommerce system, for example, it is automatically considered an extension of their own customer database. Therefore, it is the responsibility of the publisher to ensure that those system providers, which harvest customer data on their behalf, are also taking measures to be fully compliant with GDPR.
Surviving the data minefield
While the ICO has sought to reaffirm on several occasions that GDPR should not be a cause for panic, the office has also stated that inaction is not an option either. Legal experts in the industry are suggesting that the first step publishers should take is to conduct a data audit to recognise what kind of personal data they hold, where it came from and with whom it has been shared, and to make efforts to track and document the relationship the company has with each individual.
If the publisher would like to continue engaging with consumers as it has done previously it will need to establish an opt-in/opt-out consent mechanism for both new and existing customers, and carefully record every communication it instigates with these individuals as well as any data collected on them in the future. Steps should also be taken to update privacy policies and notices on company websites and other relevant legal documentation.
Finally, as it will become more challenging for publishers to proactively engage with consumers through direct channels, it is highly likely that they will have to instead put more focus on search and discoverability. To this end, ensuring that metadata is accurate and that a publisher’s content is ubiquitous across every possible channel will never be more important.
There are many ways in which GDPR will likely impact the way publishers go about their day-to-day business, and a week ahead of deadline day it’s still not too late for companies to get more informed, seek legal advice and start taking the necessary steps to become more compliant.