In ten months the EU’s General Data Protection Regulation (GDPR) comes into force.
It replaces the Data Protection Act and will ultimately change the way that organisations of every kind handle their customers’ personal information.
For the publishing sector this means that there will be new rules around reader consent, profiling, portability and the right of the consumer to be forgotten.
Any journalist or publisher handling European citizen data, even if they are physically located outside of the EU, will have to comply with this incoming regulation by 25 May, 2018.
Access to increasing amounts of consumer information has enabled magazine and newspapers to better understand their readers and to provide more relevant articles either online or in print.
For journalists and publishers there are five key areas of relevance in GDPR:
- Consent From next May publishers must gain opt-in permission from readers to contact them. This requires a clear affirmative action. Failure to opt-out will no longer be sufficient consent and post-May anyone continuing to communicate with a reader that simply hasn’t opted-out will be in contravention of the directive and open to a four per cent of global turnover fine. This is where many publishers will fall down as a significant proportion of the customer data held by the industry is failure to opt-out.Consent must also be granular with separate options being provided to customers; for instance permission to send direct marketing materials by email, mail or via SMS etc.
A customer preference centre; like those provided by Facebook and Twitter which enable members to set their privacy settings, is the easiest and most transparent way to manage customer permissions.
- ProfilingPermission must also be obtained to process a reader’s data. For instance if a subscriber has moved house and you want to trace them you must first have obtained their consent to do so. Again it is best practice to provide customers with a preference centre so they can explicitly tell you what they are and aren’t happy with when it comes to profiling.
Portability means that individuals can obtain and reuse their personal data for their own purposes across different services. In essence this means that a reader can request all of the information they have provided to you and their transactional history.
You must provide this data to them within a month in an easily readable format.
This provision has been included in GDPR to support customer choice, boost consumer empowerment and reduce ‘lock-in’. It will have the biggest impact on data-driven sectors such as banks, local government, cloud storage, insurance, streaming services and social networks with savvy customers using it as a way to switch providers and find cheaper deals.
Whilst less likely to be an everyday occurrence for publishers it is crucial that you are prepared so that if requested you are able to provide the relevant data to your readers quickly and cost effectively.
- Right to be forgotten
Consumers have the right to have their information deleted if they so require. If this is requested all data pertaining to that individual must be removed from the database as soon as possible and communication will no longer be lawfully allowed. This means if a reader or subscriber asks to be removed from the database you have to comply.
From next May data security will also become more of an issue. Any data breaches must be reported within 48 hours – a breach can be anything from a hacker stealing customer information to accidentally leaving a subscribers’ account information open on your screen for others to see.
Whilst many might think that only the largest companies, like TalkTalk or Equifax are the target of hackers, they’d be wrong. Last year 4,120 SMEs suffered a malicious data breach.
Whilst the above might seem like an insurmountable task, GDPR is transforming the way that businesses interact with their customers.
Ultimately for publishers and journalists it will provide a framework that engenders greater relationships with readers, which can only be a good thing resulting in better marketing return on investment.
Dave Gurney is managing director of marketing services company Alchemetrics
Email firstname.lastname@example.org to point out mistakes, provide story tips or send in a letter for publication on our "Letters Page" blog