The GDPR effect on small business’ marketing practices.
Tagged: Business and management
The European Union's General Data Protection Regulation (GDPR) came into effect in May 2018 to give individuals greater control over their personal data. The GDPR is a comprehensive set of regulations that govern how businesses handle personal data, and it applies to all organizations that process the personal data of E.U. citizens. This essay will discuss the impact of the GDPR on small business marketing practices, focusing on the changes in data collection, processing, and marketing strategies.
Data Collection:One of the fundamental changes brought about by the GDPR is the requirement for businesses to get consent before obtaining their data. Small businesses can no longer rely on pre-ticked boxes or assume consent based on the individual's silence. Instead, they must provide clear and concise information about the purpose of data collection and obtain specific consent, informed and freely given (Article 7). This requirement affects the initial data collection and requires businesses to obtain renewed consent if the data is used for a different purpose.
Furthermore, the GDPR requires businesses to be transparent about the data they collect and provide individuals with access to their data upon request (Article 15). This means that small businesses must maintain accurate records of the data they collect and be able to produce it upon request. If these laws are violated, the company could be fined up to 4% of its global turnover or €20 million, whichever is higher. (Article 83).
Data Processing:The GDPR requires businesses to process personal data in a manner that ensures its security and confidentiality (Article 5). Small businesses must also set up the proper organizational and technical safeguards to guard against unauthorized access, modification, or destruction of personal data. These measures may include encryption, access controls, and regular security audits.
The right to be forgotten is an essential core contribution possible by the GDPR (Article 17). In certain situations, such as when the data is no longer needed for the purpose for which it was collected or if the individual withdraws their consent, individuals have the right to request the erasure of their data. This right poses a significant challenge for small businesses that rely on personal data to deliver marketing campaigns. For example, if an individual exercises their right to be forgotten, the company must delete all their data, including any marketing materials or tracking data.
Marketing Strategies:The GDPR has significant implications for small business marketing strategies. Firstly, businesses must ensure that their marketing activities are GDPR compliant. This means that they must obtain explicit consent before sending marketing communications to individuals (Article 6). They must also provide individuals with the option to opt out of receiving further communications at any time (Article 21).
Secondly, the GDPR limits the personal data businesses can collect and use for marketing purposes. For example, businesses cannot use sensitive personal data, such as health or sexual orientation, for marketing purposes without the individual's explicit consent (Article 9). Additionally, businesses must only collect and use data necessary for the specific marketing activity (Article 5). This means that businesses must carefully consider the data they collect and their marketing campaigns to ensure that they comply with GDPR requirements.
Social Media MarketingFor instance, the study by Alkis and Kose (2022) found that privacy concerns significantly impact consumer behaviour in response to social media advertising. Consumers who have more significant privacy concerns are less likely to click on social media ads, less likely to provide personal information, and less likely to make purchases through e-commerce websites. The study also found that the GDPR positively impacts consumer trust in e-commerce businesses. Furthermore, consumers aware of the GDPR are more likely to trust e-commerce businesses with their data, indicating that the GDPR has increased consumer awareness of their data protection rights and increased trust in companies that comply with the regulation (Alkis, A. & Kose, T. 2022).
Web Traffic and User Engagement with WebsitesSimilarly, Congiu, R., Sabatino, L., & Sapi, G. (2022) found that the GDPR has decreased web traffic and user engagement with websites. Websites that implemented cookie consent pop-ups experienced a significant decrease in page views, session duration, and bounce rate. However, the study also found that websites that provided clear and concise information about their data collection and use practices and implemented appropriate security measures experienced a smaller decrease in user engagement.
The study provides several recommendations for businesses to navigate the changing privacy landscape. Firstly, companies should prioritize transparency in their data collection and use practices. They should provide clear and concise information about their data collection and use practices and obtain clearly-mentioned consent from individuals before collecting and using their data. Secondly, companies must prioritize data security and put suitable organizational and technical safeguards in place to guard against unauthorized access to or disclosure of customer information. Thirdly, businesses should consider the user experience when implementing cookie consent pop-ups, ensuring they are not intrusive or negatively impact user engagement.
Finally, businesses must ensure their third-party marketing partners comply with the GDPR. Under the GDPR, businesses are responsible for ensuring that any third-party data processors they work with comply with the regulation (Article 28). This means that small businesses must carefully vet their marketing partners and ensure that they have appropriate data protection measures in place.
The execution of the General Data Protection Regulation (GDPR) has presented several challenges for small businesses in their marketing efforts. Some of these challenges include:- Obtaining explicit consent: The GDPR requires businesses to get clear consent from individuals before collecting their data. Small businesses can no longer rely on pre-ticked boxes or assume consent based on the individual's silence. Instead, they must provide clear and concise information about the purpose of data collection and obtain specific, informed, and freely given consent.
- Maintaining accurate records: Businesses must disclose the data they collect to customers and give them access to that data upon request under the GDPR. This means that small businesses must maintain accurate records of the data they collect and be able to produce it upon request.
- Implementing appropriate security measures: The GDPR mandates that organizations handle personal data in a secure and confidential manner. Small businesses must also put in place the proper organizational and technical safeguards to guard against unauthorized access, modification, or destruction of personal data.
- Right to be forgotten: The GDPR allows individuals to request to delete their data under certain circumstances. This poses a significant challenge for small businesses that rely on personal data to deliver marketing campaigns. For example, if an individual exercises their right to be forgotten, the business must delete all their data, including any marketing materials or tracking data.
- Limitations on personal data collection: The GDPR limits how much personal data businesses can collect and use for marketing purposes. Companies cannot use sensitive personal data, such as health or sexual orientation, for marketing purposes without the individual's explicit consent. Additionally, businesses must only collect and use data necessary for specific marketing activities.
- Compliance with third-party marketing partners: Under the GDPR, businesses are responsible for ensuring that any third-party data processors they work with comply with the regulation. This means that small businesses must carefully vet their marketing partners and ensure that they have appropriate data protection measures in place.
- Increased fines for non-compliance: The GDPR introduced significantly increased fines for non-compliance. Small businesses that fail to comply with the regulation could face fines of up to 4% of the company's global turnover or €20 million, whichever is greater.
Overall, small businesses face several challenges in their marketing efforts after the implementation of the GDPR. They must obtain explicit consent, maintain accurate records, implement appropriate security measures, comply with limitations on personal data collection, ensure the compliance of third-party marketing partners, and face increased fines for non-compliance.
ConclusionIn conclusion, the GDPR has significantly impacted small business marketing practices. The regulation has introduced strict requirements for data collection, processing, and marketing strategies, which require businesses to obtain explicit consent, maintain accurate records, and implement appropriate security measures. Furthermore, the GDPR
References- Alkis, A. & Kose, T. (2022). Privacy concerns in consumer E-commerce activities and response to social media advertising: Empirical evidence from Europe. Computers in Human Behavior, 137, 107412. https://doi.org/10.1016/j.chb.2022.107412
- Congiu, R., Sabatino, L., & Sapi, G. (2022). The Impact of Privacy Regulation on Web Traffic: Evidence From the GDPR. Information Economics and Policy, 61, 101003. https://doi.org/10.1016/j.infoecopol.2022.101003.
- Regulation (E.U.) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/E.C. (General Data Protection Regulation), art. 15, 2016 O.J. (L 119) 1.
- Regulation (E.U.) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/E.C. (General Data Protection Regulation), art. 17, 2016 O.J. (L 119) 1.
- Regulation (E.U.) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/E.C. (General Data Protection Regulation), art. 83, 2016 O.J. (L 119) 1.
- Regulation (E.U.) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/E.C. (General Data Protection Regulation), art. 21, 2016 O.J. (L 119) 1.