If you’ve been skipping over every GDPR article until today, you just saved yourself a bunch of time. The only one you need to read, is this one.
Let’s look at GDPR, how it works, what it does, how you’re going to adjust your marketing strategy, your business itself and – the fun bit – where it leaves your Social Media Marketing efforts.
Let’s also look at how you as a human being is “captured” in the virtual world; a purchasing, content consuming, saleable economic entity.
What is really behind the GDPR? What is the “spirit” of this law?
Black Mirror Season 3 opened with an episode, called Nosedive. It was intended as a hard-hitting satirical look at how we’re in a popularity contest that overshadows the basic human connectivity of kindness, mercy, fondness, and honesty.
Humans go about their business, and in their need for social interaction, expression and peer recognition, as well as their drive for convenience, they’re exposing more and more of their thoughts, personal facts, and intentions online.
We definitely are at a place where the information you posted, even once, as a quick phone-typed-response on Facebook or Twitter, is forever available somewhere on the Internet, probably to be quoted completely out of context. You can never unsay what you said, or un-share what you showed the world.
The shift that brings online reality, more into focus, than offline reality, has started. We are measured by our peers, as much in what we posted on social media, as in what we were saying at last week’s dinner.
Every transaction we enter into with a business, gives some of our information to them. Often, the information stored is more detailed than needed to conclude the transaction, and it’s kept for longer than necessary. The information is probably stored without the appropriate paranoia one expects, considering the implications for the individual should their information leak out.
GDPR is an attempt to subject our online personas to our physical personas, and to reverse the sale of our virtual freedom as human beings, who live, breathe, love and laugh, while looking for human interaction.
So – if I as a Social Media Marketer, a Business Owner and a Human Being, can truly treat my clients as individuals, as human beings, with respect – the rules of GDPR are not going to change the way I do business. If anything – it’s going to enhance my approach, and shape my systems to be more in line with my strategy.
Nevermind GDPR – let’s tweak your Marketing to work even better!
The new legislation that effects the EU – whether you’re based there as a business, or based there as an unsuspecting web user, kicks into gear on 25 May 2018.
While this legislation may be a bit of an irritant for some, complying really does make your marketing more client centric, so let’s see what we can learn.
What’s the short version?
From a client interaction point of view:
- There’s no electronic contact with any client, unless they explicitly consent to hear from you. And no, you can’t just mail them and ask them if they will be on your mailing list, like in the old days.
- The client may at any time ask you to access their complete profile, in your database(s).
- The client may at any time ask you to provide them with their profile data, for their own use. This is a bit like your downloading your Facebook profile to get your old photos, and those soppy love poems you wrote to your ex.
- The client may at any time request you to “forget” them, entirely. I’d be more impressed if they made this clause binding on Government Tax Departments, so you could simply unsubscribe. But… I digress. It’s important to note that there isn’t a requirement to automate, or comply with “forgetting” immediately. This required functionality isn’t necessarily available on all CRM / Marketing platforms – so it may end up being a manual action for your administrative staff.
There are a couple of additional quirks, like – anybody under 16 might give explicit consent, yet the consent of their guardians are required for them to enter into any kind of agreement. These legal implications are fairly obvious to you if under-16’s fall within your niche market, right?
If you’re au fait with these four guidelines, the rest follows quite easily.
From a business responsibility point of view:
- Only store what needs to be stored, for as long as you need it.
- Get someone who’s responsible for the protection of the data, either inhouse or outsourced.
- Have a strategy, and a system in place to detect changes in your network security.
- If there was a breach, you have 72 hours to notify anyone affected by the incident.
Let’s look at your existing communications strategy with your potential clients:
- You have paid advertising running, either at a portal site, or with Google partner network.
- You have a website where people go to read more about you, or to find a way to contact you, and they may even be able to catch you on chat, or via support tickets, and do e-commerce transactions with you.
- You have social media profiles on Facebook, and Twitter, and let’s say on Instagram for your business.
- You run paid advertising on your Social Media profiles too.
- You have a contact database, that runs on Mautic, or Mailchimp, or some other platform. You may integrate email with a text messaging service for a more immersive client experience.
- You have an additional CRM interface that stores your interactions – mails, phone calls, chats, with your clients.
Does that cover it? Well – no. It doesn’t really.
Big Brother’s Watching
If you’re using Mautic, or just Facebook Pixels and Google Ads Tracking, there is an underlying “intelligence” that keeps track of a user’s actions on your site, on your social media profiles, and on their Gmail emails. This “intelligence” builds a kind of profile on them, what they search for, what they read, what conversations are going through their Gmail accounts, and what they’re responding to on social media, which emails they open, which links they click, what products they add to wish lists, with whom they discuss their upcoming purchases and their personal issues.
The use of this information has been a revolution in marketing. Targeted marketing to be precise. An absolute super power to increase your Return on your Marketing Investment.
And – in its simplest form, what you’re actually paying for when you get a thousand impressions on Google or on Facebook, is an educated guess, whom they should include in the viewers of those impressions, to get you the best possible click-through rate to your site, and to converting that click into a purchase – based on what they’ve been doing online for the past couple of weeks.
This gracious consent by your clients, to Social Media Platforms and their favourite Search Engine, is for all practical purposes your last public stand as a Marketer.
In the past, the drive has been to create a funnel, where you herd as many qualified leads as you possibly can into a kind of nurturing journey, where they’d learn about you, build a relationship with an automated you, and eventually spend money with you and give you referrals. That journey – if you managed to do it well enough, made you ubiquitous, with advertising showing up wherever they went on the web: On Google, on Google partner sites, on Facebook, on their mobile devices when they were playing games, or using other apps with in-app advertising… their entire web experience got customised.
Where does your responsibility with GDPR start, and where does it end? What changes?
Social media platforms all have big disclaimers and terms and conditions, before you join. The information you post on their platform is “theirs”, for all intents and purposes. While you can get a copy of your information, or delete your profile, you have given consent already by the time you verified your email address. You didn’t read any of those terms and conditions, did you? No. Neither did I…
When a potential client enters into your website, you can ask them if they want to give permission for your site to drop a “cookie” on their machine, identify their mobile device, to track their behaviour, but – if they refuse, it’s really more your loss, than theirs. They can find your competitor if they’re getting more content to consume for less information shared.
That’s the difference between the big players, and you and I.
And THIS is where your responsibility starts. Here, where people themselves add their information, to your database.
- • Manage the information you’re allowed to have, carefully.
- • Do not copy contact details off your Facebook page followers, and add them to your mailing list.
- • Do not buy mailing lists anywhere. Ever.
- • Do not use those Chrome extensions that let you sniff out business email addresses on LinkedIn.
- • Do not add folks who responded to a lead magnet, to an eternally running mailer sequence that malfunctions when they wish to unsubscribe.
You may however, add those bits of tracking code from your social media platforms to your Mautic installation, and to your WordPress site. So the consent given BY your potential client, TO the big social media platforms, allow you to benefit from the resulting profiling to which the same client agreed.
And you may still use that cookie to track your users provided that you get real consent, on your own website. You really should update the terms and conditions on your website. Check out this site to find out more.
You can still get email addresses, and you should still nurture your new subscribers with real value, personalised, and relevant to them, so that you don’t just fill their mailboxes with useless information.
So right now, the drive still is to create a funnel, where you attract as many qualified leads into a kind of nurturing journey, where they’d learn about you, build a relationship with an automated you, and eventually spend money with you and give you referrals. That journey – if you manage to do it well enough, makes you ubiquitous, with advertising showing up wherever they go on the web: On Google, on Google partner sites, on Facebook, on their mobile devices when they are playing games, or using other apps with in-app advertising… their entire web experience gets customised.
The game is the same.
The only difference really, is in the little bit of control that is restored to the web user. And the respect with which you treat their information.
In a way, using social media, where end users have already agreed to sharing their profile, and their information, is the only way around the new limitations on reaching out to currently unknown, potential clients.
What’s on my to do list?
- Appoint someone who’s responsible for the safety of data.
- Fix up the Terms, Conditions, and Permission requests on my website.
- Pop an email out to my entire database, giving people the option to tweak their subscription, to really serve their individual needs, and to explicitly give consent to remain on my database, if I didn’t get that right at the beginning.
- Look at the strategies I use to drive traffic to my site. Let’s drop any method that isn’t explicitly requested by the potential client, or within the terms and conditions of the portal, or social media platform they’re using.
- Look at the data I store about my leads, and my clients, on my system. Is the system safe from being compromised? Does it have to be “online”? How can I minimise risk?
- Can I do away with some of the details I store, like, for instance, credit card details that could be passed to the clearing house without being captured on my end, or physical addresses for a delivery back in 2016?
I hope these pointers have given you the perspective you need. If you have any questions, don’t hesitate to make contact with me. I’m always here to help.