Demystifying GDPR by Emotio Design Group

Page 1

Presentation in partnership with

E M OT I O D E S I G N G R O U P

D E S I G N • M A R K E T I N G • D E V E LO P M E N T • C R M • V I D E O G R A P H Y • P H OTO G R A P H Y • 3 6 0 º

DEMYSTIFYING GDPR General Data Protection Regulation 2018 EMOTIO DESIGN GROUP | DNADIGITAL | IMRSIV

www.emotio.agency | 020 8385 5050


c

You are going to need get your forms compliant with GDPR regula'ons

Q

Analy'cs tools ePrivacy laws also come into eect and cookie laws will change to preference based.

EMOTIO DESIGN GROUP | DNADIGITAL | IMRSIV

Social Ads6

Y

Businesses who adver'se with the Facebook companies can con'nue to use Facebook plaGorms and solu'ons in the same way they do today

e

Email Marke'ng You may need to run a permission passing campaign to get people to re opt-in.

Google Adwords5 Interna'onal datatransfer mechanisms are cer'ďŹ ed under the EU - U.S. and Swiss U.S. Privacy Shield frameworks.

z

eCommerce You will be able to stay in contact with exis'ng customers so long as you have communica'ons that are of legi'mate interest.

5https://privacy.google.com/businesses/compliance/#?modal_active=none.

o

Data Collec'on

6https://en-gb.facebook.com/business/gdpr

How will GDPR impact your marketing?

www.emotio.agency | 020 8385 5050


Unbundled: Consent requests must be separate from other terms and conditions. Consent should not be a precondition of signing up to a service unless necessary for that service.

Enter Name Enter Email

Active opt-in: Pre-ticked opt-in boxes are invalid –

Enter Phone Number

use unticked opt-in boxes or similar active opt-in methods (e.g. a binary choice given equal prominence).

Enter Message

Granular: Give granular options to consent separately for

We’d love to send you special offers, exclusive deals and the

different types of processing wherever appropriate.

latest info from <my company, associated companies> by email, post, SMS, phone and other electronic means. We’ll always treat you personal details with the care and will never sell them to other companies for marketing purposes.

Named: Name your organisation and any third parties who will be relying on consent – even precisely defined categories of third-party organisations will not be acceptable under the GDPR.

Easy to withdraw: Tell people they have the right to withdraw their consent at any time, and how to do this. It must be as easy to withdraw as it was to give consent. This means you will need to have simple and effective withdrawal mechanisms in place.

Evidence: Brands must maintain records of the consents they have – i.e. what users were told and how they gave consent.

You can change your mind at any time by emailing me@domain.com and read our privacy policy here I would like to receive your newsletter I would like to hear about offers, events, services and information that you think I would find interesting. We may, on occasion, still need to send you important service messages.
 Communication Preference

Email

Soft Opt-in: This gives some level of marketing consent as an

EMOTIO DESIGN GROUP | DNADIGITAL | IMRSIV

SUBMIT

Phone

Post

1

exemption for existing customers, e.g. I’ve become a customer and it’s fair for you send me some marketing that’s relevant. It’s a formalised method of legitimate interest.

SMS

https://ico.org.uk/media/about-the-ico/consultations/2013551/draft-gdpr-consent-guidance-for-consultation-201703.pdf

GDPR: How to deal with data collection1

www.emotio.agency | 020 8385 5050


GDPR: Distrust provides an opportunity2

Brand Differentiator: The GDPR provides an opportunity for organisations to truly embrace data protection as a brand differentiator – a core value that engenders better, more trusting relationships with consumers.

EMOTIO DESIGN GROUP | DNADIGITAL | IMRSIV

Popular consumer fears about what might result from sharing data.

75%

Private information is being stolen by criminals

72% Data being sold on to third 68% parties for marketing purposes Nuisance and ‘cold’ calls

63% Do not believe companies 57% are transparent Spam emails and texts

2http://www.mailmen.co.uk/sites/default/files/GDPR_Guide.pdf

Tackling Distrust: The 2016 Annual Tracker study by the ICO showed that there is a “data-sharing tension” existed between consumers and businesses over privacy protection. GDPR seeks to allay this distrust, and as such, it presents an opportunity for marketers to build improved relationships with their customers and prospects by positively embracing the new powers that the law gives consumers.

www.emotio.agency | 020 8385 5050


GDPR: Dealing with existing data3

It’s likely you will lost between 50%-90% of your mailing list but.. …the benefits of a list of email subscribers who actually want to receive your emails are extremely significant. Better Open Rates More Conversions Outstanding Delivery Rates Lower Costs Higher Personalisation An audience genuinely interested in what you’re selling Email marketing is not about the size of your database, it’s ultimately about conversion rates. EMOTIO DESIGN GROUP | DNADIGITAL | IMRSIV

Creating valid reasons WHY your prospects should opt-in is imperative. Split test the campaign creative/ messaging and format into segments based on tag and vertical/niche filters Add as much personalisation within the email as possible Design an opt-in message which must include links to your privacy and cookie policies Optimise your emails for mobile (54% of emails are opened on mobile devices) We recommend that you create a simple HTML opt-in box/button, which integrates into body of all outbound emails You will also need to add an unsubscribe link in your emails

3https://thesocialeffect.com/gdpr-strategy-getting-existing-email-database-opted/

In simple terms, you need to get explicit permission from your EU email database to email them after the 25th of May 2018

www.emotio.agency | 020 8385 5050


GDPR: Run a ‘Permission Passing Campaign’

Permission Passing Campaign

Yes

No

Wait 1 Week

Permission Passing Campaign

Yes

EMOTIO DESIGN GROUP | DNADIGITAL | IMRSIV

No

http://www.mailmen.co.uk/sites/default/files/GDPR_Guide.pdf

Opted-in

www.emotio.agency | 020 8385 5050


How does GDPR impact your Website and CRM?

Z

It will be necessary to update your privacy policy to stay compliant

;

Suppliers Developers are ‘data processor’ as the developer of the system. A data controller is the person who “says how and why personal data is processed”.

EMOTIO DESIGN GROUP | DNADIGITAL | IMRSIV

Web Forms

X

Compliant forms and encrypted data movement from web page to database

]

Organisa'on Data will need to be organised and accessible. Visitors should be able to see the data and delete what you hold on them.

Websites To secure a website and encrypt data the site will need an SSL to put it on hQps

V

Data Storage If using a cloud provider based outside the EU. The transfer of data needs to be secure with data protec'on requirements.

5https://privacy.google.com/businesses/compliance/#?modal_active=none

`

Privacy Policy

www.emotio.agency | 020 8385 5050


GDPR: What is encryption?

Encryption is a mathematical function using a secret value — the key to unlock it Most of the open source platforms such as WP, Magento etc.. would use MD5 Encryption which is only 128-bit. More expensive SSLs are 256-bit. E.g. RSA/ SHA-256 encryption. There are new algorithms for SSL certificates using ECC and DSA encryption. Not all encryptions are equal; a 256-bit ECC key equates to the same as a 3,072bit RSA key. – Symantec offer these

EMOTIO DESIGN GROUP | DNADIGITAL | IMRSIV

SSLs come in a variety of prices, More expensive SSL certificates also verify your business, not just that you own the domain name attached to your website. You will gain a trust seal that customers can be confident about. Higher priced SSL certificates offer higher levels of encryption. There is an impending move to 2048-bit key lengths. Some provide automatic daily malware and website vulnerability scanning Finally - Security and audit - ensure strict rules are in place for data access and be able to track security access.

3https://thesocialeffect.com/gdpr-strategy-getting-existing-email-database-opted/

Data must be encrypted at rest and also during the flight (transmission from the web to storage).

www.emotio.agency | 020 8385 5050


GDPR: CRM Owners Data Source Secure in FLIGHT

CRM security control can be used to hide sensitive data and control access permission.

Put Data 
 Safeguards in Place

Integrate your CRM system with your email marketing system will make GDPR compliance easier. You should identify how good is your data quality is and and how it can be cleansed.

Data Sets Secured 
 & Encrypted

Get Control Over 
 All Data

Ensure Data is Deletable & Portable

Prepare for a 
 Security Breach

Communication & Resolution Plan

EMOTIO DESIGN GROUP | DNADIGITAL | IMRSIV

Data Management Guide

Ensure Backup is Compliant

3https://thesocialeffect.com/gdpr-strategy-getting-existing-email-database-opted/

Data will be at REST in a CRM system so must be encrypted.

www.emotio.agency | 020 8385 5050


Thank You WILLIAM OLD CENTRE, DUCK'S HILL RD
 NORTHWOOD HA6 2NP 020 8385 5050 B R A N D I N G | D I G I TA L D E S I G N | MARKETING PRINT DESIGN | D E V E L O P M E N T | M U LT I M E D I A www.emotio.co.uk • hello@emotio.co.uk

EMOTIO DESIGN GROUP | DNADIGITAL | IMRSIV

www.emotio.agency | 020 8385 5050


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.