Clicky

Navigation
X Close

PossibleNOW Blog

GDPR 101: How GDPR Impacts Marketing

An educational series on the EU's soon-to- be-implemented General Data Protection Regulation (GDPR)

Most marketers think about customer data in terms of its potential use. Personal data fuels campaigns, tailors landing pages and drives bottom line results. How can they be effective under GDPR?

To begin, they need to think about the basis of their efforts. Does it begin with consent tied to specific use? Or was this data obtained by other means?

Secondly, do you have the capability to prove that consent, answer consumer questions about it and, if necessary, completely erase a contact if a consumer requests to be forgotten?

These factors undoubtedly lessen marketers' freedom to use data for outreach. But it doesn't completely bar them from sound, effective interaction and loyalty cultivation so long as they are supplied with the technology and data governance needed to succeed in a GDPR world.



For more informative videos about GDPR, click here, or to view a full webinar on GDPR and consent capture best practices, click here.




About the Author: 
Eric V. Holtzclaw is  Chief Strategist  of PossibleNOW. He's a researcher, writer, serial entrepreneur and challenger-of-conventional wisdom. His book with Wiley Publishing on consumer behavior - Laddering: Unlocking the Potential of Consumer Behavior - hit bookstores in the summer of 2013. Eric helps strategically guide companies with the implementation of enterprise-wide preference management solutions.


Follow me on Twitter: @eholtzclaw | Connect on LinkedIn: Eric Holtzclaw

GDPR 101: Clear and Conspicuous Consent

An educational series on the EU's soon-to-be-implemented General Data Protection Regulation (GDPR)

Under GDPR, companies must earn unambiguous consent in order to communicate with an EU consumer or collect data from them. However, this consent cannot be hidden in the terms and conditions language or tied to a condition of service.

Instead, consent must be clear and conspicuous. So what does that mean?

On a web page, consent language should be prominently featured immediately above or below the "submit" button where a user would request or volunteer information.

For some marketers, this will mean a fundamental reconsideration of page design and conversion opportunities. It will likely lead to a new design approval processes as companies pivot to GDPR risk mitigation strategies. Regardless, it demands that anyone collecting info from EU consumers consider the definition of "unambiguous" and re-orient sales, marketing, support and billing communications accordingly.



For more informative videos about GDPR, click here, or to view a full webinar on GDPR and consent capture best practices, click here.




About the Author: 
Eric V. Holtzclaw is  Chief Strategist  of PossibleNOW. He's a researcher, writer, serial entrepreneur and challenger-of-conventional wisdom. His book with Wiley Publishing on consumer behavior - Laddering: Unlocking the Potential of Consumer Behavior - hit bookstores in the summer of 2013. Eric helps strategically guide companies with the implementation of enterprise-wide preference management solutions.


Follow me on Twitter: @eholtzclaw | Connect on LinkedIn: Eric Holtzclaw

GDPR 101: Controllers and Processors

An educational series on the EU's soon-to-be-implemented General Data Protection Regulation (GDPR)

Understanding your company's GDPR risk exposure is essential. To this, it is often helpful to identify how regulators would categorize your company.

In other words, are you a controller or a processor?

A "controller" is the party that ultimately owns the relationship with the consumer and determines what happens with their data. A "processor" is the party contracted by the controller to execute its decisions with regard to consumer data.

For example, imagine an insurance company that represents EU citizens. It collects information from its customers and emails them from time to time. To do this, the insurance company uses an Email Service Provider (ESP). The insurance company is the controller and the ESP is the processor.

Under GDPR, most of the regulatory onus is on the controller. But there are some obligations that processors must meet as well.

In many cases, controllers are liable for the actions of their processors. Companies must ensure compliance across all vendor relationships that manage data in and out of EU sources.

In turn, processors can get their clients (and themselves) into very hot water with GDPR violations. They must understand their responsibilities and in fact can gain a competitive advantage by demonstrating their GDPR preparedness as full implementation of the rule approaches.



For more informative videos about GDPR, click here, or to view a full webinar on GDPR and consent capture best practices, click here.




About the Author: 
Eric V. Holtzclaw is  Chief Strategist  of PossibleNOW. He's a researcher, writer, serial entrepreneur and challenger-of-conventional wisdom. His book with Wiley Publishing on consumer behavior - Laddering: Unlocking the Potential of Consumer Behavior - hit bookstores in the summer of 2013. Eric helps strategically guide companies with the implementation of enterprise-wide preference management solutions.


Follow me on Twitter: @eholtzclaw | Connect on LinkedIn: Eric Holtzclaw

GDPR 101: Specific Use Requirement

An educational series on the EU's soon-to-be-implemented General Data Protection Regulation (GDPR)

GDPR will govern more than just permission to communicate with EU consumers. It will also influence how companies use data collected from EU citizens and limit their ability to use personal data for multi-channel marketing.

Simply put, GDPR requires companies to clearly identify the "specific use" a piece of information will serve. While the exact definitions around specific use are still gray, experts recommend that companies select and declare specific uses for any and all data collection.

For example, student loan provider might request an email address specifically for loan payment reminders. A financial services company might seek a birth date in order to make an investor aware of change-of-life effects to insurance or other financial products.

Regardless, GDPR prohibits the collection of personal data for one purpose (loan payment reminders) and its use in other purposes (email marketing).



Specific use definitions will likely be clarified in court as early challenges and violations come to light. In the meantime, consider your intended uses and declare them clearly at the point of collection.

For more informative videos about GDPR, click here, or to view a full webinar on GDPR and consent capture best practices, click here.




About the Author: 
Eric V. Holtzclaw is  Chief Strategist  of PossibleNOW. He's a researcher, writer, serial entrepreneur and challenger-of-conventional wisdom. His book with Wiley Publishing on consumer behavior - Laddering: Unlocking the Potential of Consumer Behavior - hit bookstores in the summer of 2013. Eric helps strategically guide companies with the implementation of enterprise-wide preference management solutions.


Follow me on Twitter: @eholtzclaw | Connect on LinkedIn: Eric Holtzclaw

GDPR 101: Right to Know?

An educational series on the EU's soon-to- be-implemented General Data Protection Regulation (GDPR)

GDPR doesn't just limit the rights of companies. It empowers consumers to hold greater leverage against the companies that collect and use their personal data.

Once implemented in May 2018, GDPR will enable EU citizens to request explanations from companies about the personal data they have, the uses they intend for it, how long they plan to keep it and more.

Experts suggest that companies will likely face 30-day deadlines to comply with such requests and if they want to file an extension, they should be prepared to demonstrate very convincing reasons for needing more time.

What's unclear is how consumers will react to this newfound power. Will they bombard companies with requests, questions and objections? Or largely ignore their right to know out of indifference or trust in the companies that serve them?



Regardless, any company communicating with EU citizens must be prepared to answer right to know requests accurately and in a timely fashion.

For more informative videos about GDPR, click here, or to view a full webinar on GDPR and consent capture best practices, click here.




About the Author: 
Eric V. Holtzclaw is  Chief Strategist  of PossibleNOW. He's a researcher, writer, serial entrepreneur and challenger-of-conventional wisdom. His book with Wiley Publishing on consumer behavior - Laddering: Unlocking the Potential of Consumer Behavior - hit bookstores in the summer of 2013. Eric helps strategically guide companies with the implementation of enterprise-wide preference management solutions.


Follow me on Twitter: @eholtzclaw | Connect on LinkedIn: Eric Holtzclaw

Translate