Sure, the arrival of the updated General Data Protection Regulation (GDPR) is just around the corner, and it’s something to be taken pretty seriously by app-owners and marketers who have users within the EU. From 25th May 2018, the risk is real, with fines for companies of up to €20 million or 4% of global annual turnover for failing to comply.
In a nutshell? The GDPR is a revolution in relevance
In a nutshell, the GDPR for mobile marketing is about users giving consent to data collection. The flipside is that it also gives them the ability to withdraw that consent, and leaves that opportunity wide open.
But at its core, this power dynamic is not only a helpful mindset for marketers, but an opportunity to reach people on the move more effectively.
A chance to put in place measures to make sure you know someone in the right context for your business; to reduce wasted messages on those who don’t want to hear from you – and to be infinitely more relevant to those who do.
Don’t get lost in the jungle
The GDPR is happening for good reason. In a world of multi-device, many-channel marketing, the way some of the world’s businesses reach consumers has become an increasingly tangled undergrowth of mixed messages, muddled outreach objectives, shortcuts in responsible data usage, and sneaking through the backdoor to merge audience segments with unsavory and untraceable logic.
This is where it stops.
Here are 5 GDPR commandments for mobile which you as the marketer can observe day-to-day: guidelines which help you see compliance clearly from the consumer’s perspective.
#1: Data controllers need to kickstart the consumer conversation
Plot Projects customers are Data Controllers. These businesses, which have a website or app, are required to take responsibility and accountability for the personal data they store – proactively engaging with users to capture consent for marketing in a clear, intelligible and easily accessible way.
This doesn’t mean scaring users away with scrollable Ts & Cs as long as your arm, but it does mean easy-to-read information about the data you’re collecting about your consumers, the value that provides to them, and a clear invitation to update, change, retrieve or remove their data if they like.
If you as a business have installed the Plot Projects SDK in your app, then we are a Data Processor of your users’ data. This means we only process the data our customers specify, for their given purpose and duration – and nothing more.
#2: Only collect and use what you need from users, when you need it
Learn why it is that customers want you to reach them, by sending them an opt-in notification for relevant use of location data at the right time. Collect what you need in a transparent way, by capturing your user’s updated preferences and details in line with the value you’re offering. This means you need to communicate which purpose you’re asking your user to consent to – and explain clearly what that means.
You can’t, for example, begin using someone’s location opt-in for channel-based interactions other than sending notifications – like selling it, or using it for banner retargeting. That’s not OK.
#3: Give users the opportunity to change, remove or update the information you have about them
… And make sure their data is up-to-date. Those local retail offers might not even be of interest to your user anymore; after all, she moved to the other side of the country a year ago. The GDPR gives you a great chance to consider and communicate the value of your app, so users are better incentivized to keep their information up-to-date. A conscious two-way channel of data-sharing is much more meaningful than a single shot-in-the-dark push message.
#4: Process user data in a way which ensures its security
Don’t email spreadsheets of geo data to Jack in dev-ops. As a Data Controller, it’s best to consult with your attorney to check you’re applying appropriate levels of disguise to data to practice the best consent management within your company, and that you have the right policies in place related to data transfer.
The rule of thumb from May 2018 onwards is that you should think in terms of privacy by design when building your app: who has access to what level of information, and why? What does my data-processing lifecycle look like?
#5: Take ownership & accountability in building for mobile consent. Your users will love you for it.
Sounds scary, but it doesn’t have to be. The GDPR is a way of leveling the mobile playing field so that companies can comfortably become a meaningful and honest part of their users’ lives.
It means you need to seize the opportunity to reach out to, and better understand, your users in a way which makes complete sense for them, be transparent about which data you have where, and be accountable for informing them about mistakes if a breach were to happen.
Creating these moments of trust between user and app-owner, with the GDPR as a trigger, becomes about building a longer-term, more rewarding relationship with them through opt-in opportunities.
Want 4 practical tips for making sure your opt-in rate keeps on increasing, with the GDPR in mind? A few tried and tested use cases you shouldn’t miss: