In recent years, there have been several incidents in which large companies have been involved in situations related to illegal processing, hacking, and theft of customer personal data.
One of the most relevant cases, with important repercussions that we’re already experiencing, was the case of the Facebook–Cambridge Analytica data scandal.
Facebook didn’t suffer data theft as such, but the consulting company- Cambridge Analytica used personal data of 87 million users, harvested through the Facebook platform without consent to influence the 2016 United States elections and England’s exit from the European Union (EU).
This and other similar cases, only reveal something that had not been foreseen in the digital age: the personal data provided by millions of people to thousands of companies on the Internet isn’t being treated and protected in a proper way.
This is the reason why GDPR arose in Europe and in this context, we’ll explain what the impact of GDPR is on today’s digital marketing and search engine optimization (SEO).
What is GDPR?
GDPR is the acronym for General Data Protection Regulation, and it’s a regulation that replaces the old Directive of 1995, which was already obsolete with respect to the modern communications environment, where the Internet, mobile devices, and social networks changed the rules of the game.
This Regulation came into force on May 25, 2018, and is characterized by putting the personal data of users at the highest level of importance regarding legal protection.
The law applies to all those companies that work with personal data of European residents, even when such companies don’t have their headquarters in Europe.
What is the effect of all this?
GDPR affects all companies that store or handle personal data of citizens in the EU, regardless of their location.
In this way, even when your company is in the most remote place on the planet Earth if your company needs a citizen of France or Germany to give you their personal data, you have to comply with this law.
Remember that personal data is any type of information that identifies a person; this can include such common elements as the name or email address, but also an IP address or cookie information.
In a different context, even a personal trait or clothing piece, could be considered personal data if it serves to identify a person.
In the case of the data controller, GDPR is very ample in cases in which the individual, department, or even the entire brand, have full responsibility for handling the data.
The data controller must also implement measures to guarantee the security of this data, and in some cases, a privacy impact assessment can also be mandatory, due to the use of new technologies.
Another of the most important aspects is the explicit consent that might be needed for the processing of individuals’ personal information and the right to be forgotten or delete all their personal data in the databases of companies, among other GDPR rights.
What is the impact of GDPR on Digital Marketing?
It’s a fact that if you work with digital marketing and collect data from your customers, you’ll necessarily have to make some changes in order to avoid incurring violations, according to European Regulation.
The most important factor that GDPR demands in digital marketing is that you must let users choose if they want to be contacted or tracked, and how.
Whether you can track online activity of users or not, is now dependent on their acceptance of the terms of privacy and cookie policies. But additional to that, the following are some specific considerations you should have.
Information in the cloud
Today, a good part of personal data is processed with this type of services and these are vulnerable to being attacked, stolen, or leaked from any location in the world. Companies must then take measures to ensure the protection of customer data and even those of the employees themselves.
Regarding GDPR, you can’t continue buying email lists or scraping them from any website, this is strictly prohibited. In this case, the ideal scenario would be that users opt-in to your email marketing system, giving consent to the use of their personal data.
Automation is a powerful tool to improve the results in certain marketing techniques. You need to find a way to avoid that your automated system sends automatic emails to users that have opted out.
In other words, you will have to make sure that each email address in your client database has given you permission to market to them.
When you release information regarding a new product of your company to journalists, you need to take precautions because journalists must give you consent to be contacted by your company.
In this sense, a good idea is using a platform where journalists ask you to contact them or use a generic email address such as firstname.lastname@example.org which does not contain any personal info.
Another option is when journalists contact you directly. In that case, you are free to contact them since you will base this communication on a different lawful basis, like legitimate interest, so there is no problem regarding the GDPR.
What about the impact of GDPR on SEO?
GDPR has also impacted SEO, but not so deeply as you might think. Here are some points to consider.
SEO is more convenient now
Due to the limitations imposed by the GDPR, companies now prefer to create valuable content to reach users. This means that SEO is GDPR compliant.
GDPR has provided a new balance between paid and organic search because it has minimized retargeting.
You can take advantage of this by optimizing your metadata and URLs. This will lead to people clicking more on your pages.
In addition to this, you need to put a greater emphasis on creating relevant content, which adds value to users and invites them to return to your site again and again. Creating eye-catching headlines and subtitles also contributes to this.
The hardest part is that modern users expect highly personalized content, so it’s a challenge to find the perfect balance between giving users what they ask for and using their data in a GDPR compliant way.
For this, the best solution is to ask for consent when needed and educate users on how you are going to use their data, explaining how this can help you give them a richer and more personalized user experience.
GDPR requires that you ask your users to choose whether to accept cookies from your site or not. This means that they’ll be also accepting ads.
The problem is that using pop-up ads will increase the bounce rate, so it’ll be a good idea to position your banners in the top and inline header, and in the footer.
Use of Analytics Tools
Personally Identifiable Information (PII) is a feature that many tools for web analysis make use of. However, harvesting data without proper consent isn’t compliant with GDPR.
If you want to analyze the behavior of users using these types of tools, you must choose very well which ones you use.
In this sense, you should choose those that provide you with options to protect the data and anonymity of users, giving them several points to accept or reject the data processing and policies of your website.
A good option for this is Google Analytics, since it allows you to set up its features to avoid sending personal data.
Previously, it wasn’t possible to place links to other pages of your website on pages that had nothing to do with the general content of your website.
Now, GDPR authorizes you to place links to privacy policies on all your pages, which represents an opportunity for you to also place links to other types of pages.
Traffic blocking and redirection
It’s no longer convenient to block and redirect EU traffic that is GDPR compliant, as this can affect your B2B SEO strategy, leading to negative consequences for your website, including:
- Loss of backlinks
- Decrease in your EU rankings
- Loss of customers
The best way to avoid this is to adapt all your website and content so that it’s compatible with GDPR policies in the way that has already been explained.
Additional tips to balance GDPR with marketing and SEO
As you have seen, GDPR improves the privacy rights of users, which means an increase in obligations for companies. To ensure that everything is correct, follow these tips:
Organize your database
Verify that you have all personal data under control. Take the opportunity to eliminate those data that you don’t need.
In addition to that, use automatic data classification tools or tracking solutions to carry out a record of the treatments to which you submit all that information.
Ask for clear and express consent for the use of data
It is necessary for the client to expressly indicate their consent to the use of their data, but it’s also very important that you explain clearly and simply how you are going to use that data.
It’s also important to keep track of who has given consent, when, how, and for what reason. This also means that if in the future you want to use that data for a different purpose, you’ll have to obtain the client’s consent again.
In this case, consent management platforms can help you consolidate your data and align your marketing communication with data privacy regulations.
Guarantee data portability
If a client so indicates, you must be able to transfer all their data in a structured, automated, and commonly used format to another company indicated by the same client.
Protect information very well
GDPR requires the implementation of technical and organizational measures that are necessary to guarantee an adequate level of security. However, it doesn’t indicate exactly the measures to be implemented.
This means that you should be the one to assess what types of tools to use according to the circumstances and in the event of a personal data leak or theft, you must notify personal data breach within a maximum period of 72 hours.
What happens if you don’t follow the measures to comply with GDPR?
If you decide to ignore this Regulation, you should be prepared since the fines that are contemplated for breach of GDPR can reach up to 4% of global annual turnover or up to 20 million euros, in addition to the reputational crisis that it can entail.
If you work with digital marketing, you must take into account international regulations, whether they are from Europe or elsewhere.
These are aspects that could seriously affect your brand if you don’t take the necessary measures and carry out an inappropriate data treatment. Ultimately, you can end up incurring crime, loss of reputation, and other critical inconveniences.
It’s best to contact professionals in the area who will advise you on the subject and help you create a data protection strategy that adapts well to your digital marketing strategy.