There’s going to be a huge impact to the way we do business and the way we carry out our marketing activities when The EU’s General Data Protection Regulations (GDPR) comes into force on 25th May 2018. This got me questioning what the implications are for SEO consultants and SEO managers.
Businesses must begin to get themselves ready to ensure they are compliant and able to demonstrate that compliance with the GDPR.
The aim of the GDPR is to simplify and improve the way data protection works for citizens, businesses and residents of the EU. Unfortunately, the regulations are a significant step change from what has gone before so it’s important that businesses really get their head around what the implications are, and how they should deal with them.
There are many people in the business community and the digital marketing sphere who are already living in fear of the implications of this regulation. But I’m not sure they have to be.
And if you’re thinking you might not have to worry about this due to Brexit, think again. All European laws and regulations will be carried over to the UK and this will come into force before the expected 2019 UK exit from the EU.
Every business and organisation that holds, collects and stores information about EU citizens will have to comply with these regulations. As this will cover almost every operation, business owners, marketers and SEOs must ask themselves what they need to do to deal with the changing regulations.
There are three main areas in which GDPR will affect the marketing activities of a business. These three areas are:
- Consent to communications
- The Right to be Forgotten
- Processing personal data
Historically, I’ve always advised web owners that they should use a pre-ticked box in order to gain the consent of the users filling in contact forms. However, the regulations are changing that. They specify that this consent must be ‘freely given, specific, informed, and unambiguous’ and that there must be ‘clear affirmative action’.
Technically I think this was the intention of the Privacy and Electronic Communications Regulations 2003, however, the wording ha made it much more specific.
Probably the most discussed and debated part of the GDPR is the so called Right to be Forgotten. With its emphasis on giving people more control over their own data and means that you have to have a specified way in which people can withdraw consent for their data to be processed and stored. And the onus is on the initial contact to inform any third parties that the consent has been withdrawn.
In addition, there has to be a reason for collecting and storing data. In the future, we won’t just able to frivolously collect and store data like we have in the past. We’re going to have to be able to demonstrate why it’s there and what we plan to do with it. If you can’t do that with your data, you’ll have to delete it.
Many of these regulations may feel very familiar to you. In fact, they are tightening up of pre-existing regulations. One big difference is the penalties. If you breach the GDPR, you could face fines of up to €20 million or 4% of global annual turnover. Whichever is the greatest? And whilst as a realist I know it’s unlikely we won’t face these kinds of fines, they are significant enough to be a real deterrent.
Why do SEO consultants have to worry about GDPR?
From this moment onwards we need to be considering how we can get affirmative action. I reckon usability and CRO consultants are going to have a field day with this trying to help businesses comply.
With usability becoming an increasingly important part of SEO, we’ve got to be thinking about how we can get those increased conversions. We should also think that the way people interact with the consent button could one day be incorporated into Google’s algorithm. It’s not a big leap to think the consent button use could be seen as a trust signal.
I firmly believe that if you have a bad pot of data you can’t do good marketing. Often business owners look for volume. But the reality is, with a small, well-segmented pot of data you can do better more creative marketing. It does mean you have to stop looking at marketing as a science or a numbers game and start thinking smarter, but it can be done.
Start building the pages of content on websites that give people either a way to request their data be removed or destroyed, or provide information about how they go about it. You might as well do this today. In the future, I think this will be as standard as a privacy policy and t&cs are today.
GDPR and content marketing
As content marketing is central to most good SEO strategies these days, it’s important that we consider how content creation is treated under the GDPR regulations as well.
Historically Section 32 exemption provided some protection to journalists and this could be applied to the way content marketers reported on things going on, especially when they call out specific people.
There is no section 32 type exemption in the GDPR which means we will have to be even more careful when discussing specific people in content marketing pieces. I think from an SEO perspective it’s probably best to create strategies that don’t rely on talking about people directly!
Don’t wait for May 2018 – get started now
As data protection becomes that bit more complicated it’s important that we try to understand how to comply with it. It may be that it’s a good idea to appoint a data protection officer from the team, who may be a member of the marketing team such as an SEO, or a member of the finance or operations teams to keep abreast of the changes.
Probably one of the first things you’re going to have to do is carry out an audit to understand if you’re already compliant or what you need to do to become compliant. You’ll probably need to update policies and procedures and train your team in order to stay compliant into the future too.
