General Data Protection Regulation best practice

The General Data Protection Regulation (AKA GDPR) goes much further than just securing consent for marketing. It covers how that data is:

  • stored,
  • segmented,
  • profiled, 
  • matched,

for various marketing or communication channels.

Our recent blog took you through the theory. So, to follow on from that here’s our hand-picked examples of how this has been put this into practice. These are just some of the companies, organisations who have taken steps to secure the confidence of their audiences.

General Data Protection Regulation best practice examples

Cancer Research UK’s ‘opt-in’ campaign

A media storm erupted last year about charities misusing people’s data to support fundraising activities. One of the charities caught up in the frenzy was Cancer Research UK who then took a bold step to clean up their reputation in readiness for GDPR.

Their large-scale ‘opt-in’ campaign extended across PR, outdoor advertising and digital marketing. They highlighted themselves as one of the first charities to only contact potential supporters who have explicitly requested it. CRUK admitted that this could lead to a short-term decline in support. But, also pointed out that this should even out over time by only communicating with a warm audience. This campaign was a brave move, a great way to overcome reputational damage and helped to reestablish trust with their various audiences.

Google’s privacy policy

The monster that is the world’s leading search engine sits on an absolute pile of data about:

  • who we are
  • what we do
  • where we go 
  • what we buy

Understandably, this is used for marketing purposes. Anyone with a Gmail account knows about the ads across the top of your inbox.

Although they may have also come under fire for their use of data and access to personal information, they flag this up to existing and new users on many an occasion – so much so that (ironically) a Google reveals how these popups can be blocked. Although no-one wants to annoy their web visitors, Google can’t be blamed for ensuring that all of their bases are covered and making their use of data explicitly clear.

It may not be the most user-friendly approach, but Google has also put together a substantial document which details how GDPR affects them and gives users the option to opt-in to their updated terms ahead of next May. It’s no small task to get all of the Google bases covered for GDPR. But their formal approach shows that they are taking it seriously, which should strengthen user confidence.

It’s not kid’s stuff

Digital media is a huge part of the lives of children today. Fact. And so GDPR will also tighten up legislation around the personal data of children. For businesses aimed at children under 16 years old, privacy notices will need to be written in a language which they would be able to understand. Children’s newspaper First News does this clearly and concisely avoiding any jargon so both young people and their parents will completely understand it. GDPR also introduces that companies offering online services to children may need parental consent to process a child’s data if they are under the age of 16. This is especially important when that data will be used for marketing purposes.

These are just a few examples of what large corporations are doing to prepare for GDPR. What are you going to do? Part 3 will have some advice and actions for small businesses in readiness for May.

The Typeface Group can get your business ready for GDPR. Contact us for information on how our team can ensure you’re covered and up-to-date.

How GDPR can benefit your business

The industry press is full of articles about the impact of GDPR.

Much of it focuses on how much work it’ll take in the short-term to prepare for the new legislation, which comes into force on 25 May 2018. But, GDPR can benefit your business in the long-term and here’s our guide on how to make the most of this opportunity to grow your company.