Don't Hide From Violations: GDPR Explored

Large companies and platforms report data breaches almost daily. These are companies that a majority of consumers know or purchase from, such as Target, Yahoo, Under Armour, Uber, Equifax and Facebook. The frequency of these incidents has escalated the importance of data protection and consumer privacy, but legislation and reform have been slow – until now.

With consumer distrust, frustration and fear elevated, government bodies, marketers and brands themselves are stepping up: peeling back layers to see what safeguards are in place, identifying and implementing standards to ensure best practices, and being more transparent about data collection and security. Most recently, Mark Zuckerberg answered questions from members of Congress about how Facebook protects its users and shares user data with third parties. Not long after Facebook got grilled, inboxes were flooded with new privacy policies from many companies and platforms.

And now – the GDPR. The GDPR is not new; it has been in the works for about two years in the EU but has only captured the attention of the US in the last few months, and for good reason. Many more brands on a global scale and in the US (especially those who interface with EU consumers) are taking the steps outlined in the GDPR, not only to ensure compliancy and avoid large fines but also to prepare for inevitable new state-specific or federal data protection laws.

The bottom line? Start taking the steps to ensure compliancy with the GDPR now and you’ll be ahead of the curve.

What Is The GDPR?

The General Data Protection Regulation (EU law) goes into effect on May 25, 2018 and puts really strict requirements on collecting and storing data belonging to consumers in the EU. Basically, any company that collects, possesses or monitors personal data and behavior of EU national consumers (for both goods and services regardless of payment) must take steps now to comply with the GDPR and make changes to the ways in which they obtain consumer consent.

What Constitutes Personal Data Under The GDPR?

Personal data can be any information relating to a person that can be directly or indirectly used to identify an individual (in the case of GDPR, an individual of the EU). There's the obvious personal data: name, email address, an identification number, but there's also location data and IP address.

Most websites can access IP addresses or use cookies to track and market to website visitors. If you are collecting or storing IP addresses or using cookies, you need to get explicit consent from users before doing so. This also applies to data stored in Google Analytics.

Email Subscribers & Lists: You need to have users actually check to be added to an email list – no more pre-ticked boxes. Also, have clear messaging and a link to your privacy policy right where they take action to subscribe.

What Should You Do Today To Ensure GDPR Compliancy?

✔ Do an overall audit of the data you are collecting, storing and processing and the ways in which you are targeting customers through paid media efforts, website tracking, etc.
✔ Make sure at all times that you are clear and upfront with your customers about why you are collecting their data and what specifically you will be using their data for. This applies to the use of cookies for tracking and even the use of Facebook pixels. Simply be as transparent as possible.
✔ Review and update your Privacy Policy to include compliancy efforts related to the GDPR.
✔ Make sure any third-party partners (or data processors) who are storing and/or processing data on customers/prospects are being compliant – this includes Email Service Providers (ESP), CRMs, Marketing Automation partners, programmatic partners, etc.
✔ Still at a loss? Reach out to Rhythm or consult your internal legal team to ensure you are taking the appropriate steps to ensure GDPR compliancy.

The GDPR Silver Lining

Another reason for the GDPR and all the focus on personal data security and usage comes down to really poor or intrusive marketing. New regulations like the GDPR and more exposure to sleazy marketing tactics will force brands to be more creative, more mindful and provide more value to consumers. It will be exciting to see how brands turn the strict regulations placed upon them by the GDPR and other laws to come into opportunities.

The GDPR may also move more of the marketing budget to focus on current and past customers, not marketing to the masses or colder audiences. Current and past customers are more likely to give you permission to market to them because they are familiar with your brand.

Bottom line, there is a huge competitive advantage for those brands who take the steps to be GDPR compliant. Those brands who take initiative and do the necessary work prove to consumers that they care about the safety of their data and ultimately want to provide a better overall user experience.

