On 25th May 2018, GDPR (General Data Protection Regulation) comes into full effect in the UK. It’s likely you’ve read articles on the subject of GDPR and its implications for businesses handling ‘personal data’, but if you’re in need of a refresher, you can find out more by reading our GDPR guide.
GDPR will apply to all new and existing data. So, if like countless other businesses, you’re worried about losing your current data after this date, making it compliant and fit for a post GDPR world is vital.
Also, if your company is found to be in breach of GDPR, you could be fined up to a maximum of €20 million (£17 million in the UK) or 4 per cent of your annual global turnover, whichever is greater.
How do I know if my data is complaint?
One of the main aspects of GDRP is that companies are able to prove how they obtained consumer data. If they are unable to do so, data will need to be refreshed with contacts opting-in again.
However, customers cannot be forced into giving their consent, or be unaware that they are giving their consent. There is a strong emphasis on using a clear affirmative action, along the lines of a positive opt-in box that is separated from any other actions like agreement to terms and conditions.
How can I make sure my data is compliant?
One of the first things you could consider is to devise a succession of well-planned emails to your existing pre-GDPR customer database. Ensure you provide clarity on exactly why you are collecting data and how it will be used.
Within this communication, offer incentives such as a discount or a giveaway, encouraging consumers to opt-in again. This is a good opportunity to not only cleanse your existing list but to re-engage your existing customers.
However, stats suggest that sending an email to your existing database will only get about 8-12% of re-opt-ins. This isn’t surprising when you consider that in the run up to the deadline, consumers will likely be bombarded with data and privacy policies from numerous business.
Instead you should consider alternative approaches that deviate from your competitors’, creating clarity and confidence around the subject and therefore allow you to build trust with your customers.
How should I use social to enhance my data?
Create an engaging, incentivised social media campaign that could be hosted on your brand’s Facebook page or website. Build a simple sweepstake, Messenger chat bot promotion, quiz app or a game that encourages your existing audience to enter their data. By using a double opt-in, which is required under GDPR, your customers details will be converted into a new GDPR compliant record. Once their data has been recaptured, you can send them a follow-up email to confirm their sign up.
This promotion should be emailed to your database and promoted using social advertising. Targeted ads can be created to drive existing customers to your campaign, using Facebook’s custom audiences.
A data campaign promoted using social advertising will maximise the number of campaign entries. Therefore, increasing the likelihood of participants opting in again, resulting in fully GDPR compliant data.
Capturing new GDPR compliant data
Compliant campaigns can also be used to capture data from new prospects. Facebook in particular, provides a fantastic platform to host and drive awareness for prize incentivised promotions that will attract, engage, educate and excite potential new customers.
To collect new audiences, activate the campaign with well targeted advertising that excludes existing known customer data. Facebook custom audience targeting does this very well.
As the GDPR deadline approaches it is worth noting that, although ideal to get as much data converted as possible, it isn’t necessary to have 100% conversion. Our experience has shown that although double opt-in can result in fewer sign ups, conversion rates are higher and therefore overall revenue can be higher as well.