How GDPR affects Australian Marketers

There’s a reason why your inbox is full of emails about updated privacy policies.

Europe’s new data protection laws, called GDPR, comes into effect on 25 May.

The General Data Protection Regulation, or GDPR, aims to protect European user data via new rules and policies on the collection, storage, and use of personal data. It also outlines the rights of individuals to protect, access, and modify their own data, including a newer clause called “Right to be Forgotten”.

The fines for non-compliance are stiff: from the 25 May, the penalty for breaches can reach up to 20 million euro or 4% of a company’s annual global turnover.

So, the 20 million euro question is…

Does the GDPR apply to Australian businesses?

It depends.

Businesses that offer goods or services to customers in the European Union (EU) need to be GDPR-compliantfor European user dataregardless of where the business is based.

According to the Australian Government, “Australian businesses with an establishment in the EU, or that offer goods and services in the EU, or that monitor the behaviour of individuals in the EU may need to comply.”

Even more specifically…

“Australian businesses that may be covered include:

  • an Australian business with an office in the EU;
  • an Australian business whose website enables EU customers to order goods or services in a European language (other than English) or enables payment in euros;
  • an Australian business whose website mentions customers or users in the EU;
  • an Australian business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes.”

If you’re unsure of your eligibility and obligations under GDPR, we recommend getting legal advice.

What are the key elements of the new regulations?

In case you don’t want to wade into the 150-page, 54,328-word document here’s a quick summary of key elements that impact marketers.

  • Businesses must collect users’ consent to receive communication about marketing, or any other communication that is not related to their original enquiry. The new requirements state that “pre-ticked boxes or inactivity should not therefore constitute consent” (which is in line with the Australian SPAM laws already on the books).
  • Businesses must make it easy for users to see what consent they have given, withdraw it, and register an objection.
  • Businesses need to tell users if cookies are being used to track them, and if so, they must consent to their use.
  • Users have the right to request for their personal data to be permanently deleted in a timely manner.
  • Users have the right to request a copy of their personal data.
  • Users have the right to request to update any of their personal details if they are inaccurate or incomplete.
  • Businesses must ensure that sensitive customer data is protected by up-to-date and effective security practices.
  • Businesses must report data breaches to proper authorities within 72 hours.

That all sounds complex. What’s actually going to change?

Great question.

When I recently spoke to the CEO of an international marketing platform, they admitted there’s still a ton of uncertainty about what this means for Australian marketers.

Because the new requirements apply to all data previously collected, it means companies will need to re-opt in all EU users if their data was captured in a non-GDPR way. Ouch. That could completely change the way companies use their current email marketing list.

Here are a few predictions for what GDPR means:

I believe we’ll see the European Commission going after the largest companies with the most egregious privacy violations. In the context of Cambridge Analytica, this is a good thing.

We’ll likely see global companies rethinking what data they need to capture. Perhaps we’ll say goodbye to the wild west days when brands and analytics platforms captured every single data point possible, with the hopes of crunching it into something useful later.

We’ll likely see better practices in user privacy, email opt-in, and data-management across countries and industries. Just as the 2003 American CAN-SPAM Act has become “best practice” over time (for example, including the sender’s address in marketing emails), we’ll ultimately build better practices around marketing consent and opt-ins.

The “right to be forgotten” means that marketing platforms will add in the option for companies to more easily process the removal of individual’s data from 3rd party platforms, which is a good thing.

Overall, I think the biggest change will be for email list growth and lead generation. Marketers working in the GDPR context will face a larger hurdle in building email and customer databases and will be forced to introduce clearer hurdles to opt-in processes. This is ultimately good for customers and their inboxes, but bad for companies that depended on growing their email list for sales.

As this is the largest privacy changes in the online era, it remains to be seen how this changes marketing outside of the EU.

If you’re terrified of the changes coming into effect on May 25, one option is to simply block all traffic coming from the EU.

Sort of joking… sort of not.

About Us

Hi, we’re ntegrity, an award winning digital agency in Melbourne, Australia. We specialise in digital strategy, digital marketing, and training, and aim to operate as an extension of your team.

You can read more about our story and team or explore what we offer.

8 Ways to Make the Most of your Google Grants Account

It’s nearly been a full year since Google announced changes to its Google Grants policy in December 2017 with the…

How to use retros to build a better company — and culture

  How do you make sure that you and your team are continuously improving? At ntegrity—like Google, Facebook, and Atlassian—we…

How GDPR affects Australian Marketers

There’s a reason why your inbox is full of emails about updated privacy policies. Europe’s new data protection laws, called…

The .au domain change that may be coming to Australia

Whether you like it or not, changes may be coming to Australian website domains. auDA, the official Australian industry body…

Wrestling with January 26

Every year when January 26 rolls around, I wrestle with two equal but opposing feelings. The first is simple: I love…

Massive new Ad Grants changes announced—here’s what not for profits need to do

Google Ad Grants, the super-generous $120,000-of-free-advertising-a-year program, has recently announced new requirements. And it means that some not for profits…

Subscribe

Newsletter
Digital Direction

Empowering Medela Australia to become the leading local subsidiary of their global brand

As the market-leader in breastfeeding products, Medela Australia approached us to help shape their digital direction and remain relevant to a new generation of mums.

View Case Study
As seen in