The GDPR came into force in May 2018, bringing with it a massive impact on all companies using data for marketing to EU citizens. However, a 2017 survey carried out by email marketing brand Campaigner found that only 1% of marketers were making compliance one of their top priorities for 2018, and 87% admitted to not understanding how the regulations would affect their business.
Any business that has at least one customer or prospect who is an EU citizen, and collects or uses any form of data from these users, needs to understand the GDPR regulations in order to stay on the right side of the law. There are also special considerations to be made for those who use that data in AI-driven software.
As we’re now well past the deadline for compliance, you’ve probably already taken steps to ensure your website, email communications, and other digital marketing assets are in line with best practice recommendations. But if you’re considering exploring the possibilities of marketing automation and artificial intelligence in 2019, there are some additional things you need to be aware of.
What is GDPR?
The General Data Protection Regulation or GDPR is a regulation designed to protect the rights and personal data of European citizens.
The GDPR requires that companies explain in plain English exactly what data is collected by their users or website visitors, and how this data is stored and used. Only data necessary to the stated purpose may be collected (for example while it may be reasonable to collect an individual’s name and email for the purpose of sending a PDF report, asking for personal data such as annual income or marital status is almost definitely unreasonable). Individuals can also request a copy of their personal data and ask for it to be deleted.
Even if you don’t collect customer data as such, GDPR regulations may still apply. For example, if you use any kind of cookies to track visitors or enable analytics software, this data is also subject to GDPR for EU visitors to your site, even if the data is not directly linked to identifiable information such as a name or email address.
The regulation also requires that EU citizens must give their explicit consent before a company collects any data relating to them. This is why you may have noticed so many websites adding a pop-up about cookie consent over the last year.
GDPR may be a European regulation but companies operating outside the EU aren’t let off the hook either. Any company that collects or processes the data of an EU citizen must abide by the GDPR regulations. What this means is that if you run a website, app, or any other digital application that may be visited by an EU citizen, and you collect any kind of data from your users, you need to make sure that your organization is GDPR compliant.
If you aren’t sure whether or not you’re currently subject to comply, learning the basics of the GDPR is still an important endeavor. The landmark legislation marks a new era of data privacy and information security laws, and many countries are modelling new regulations off the GDPR.
How does GDPR affect AI software?
As marketing software that uses AI is usually powered by data—giving insight into customer or lead demographics, brand interactions, and buying behavior — any AI-powered websites or apps using data-driven functionality must make sure they’re GDPR compliant too.
The wording of the GDPR also includes specific clauses that relate to AI and machine learning, for example: “[users] can contest ‘legal or similarly significant’ decisions made by algorithms and appeal for human intervention.” One example of where this clause might apply is where AI is used to determine eligibility for financial products such as a mortgage application.
The rules also state that people can ask for an explanation of how algorithm-driven digital services make decisions relating to their users, which may pose a problem for any company using AI-powered recommendation engines, for example. Can you explain to your users exactly why certain products are recommended to them?
However, while GDPR compliance may seem intimidating (not least because of the €20 million maximum fine for non-compliance), it’s also a great opportunity for marketers to clean up their data and build better relationships with their users.
GDPR and Chatbots
The use of chatbots is on the rise, with 25% of customer service operations expected to use virtual customer assistants by the end of the year.
Chatbots use customer data retrieved from a database and also collect data from customers in conversation. This is nothing new, as customers expect to give their name, order numbers, and other information whether they’re talking to a human customer service agent or a bot. However, you do need to pay more attention to how this data is used to remain GRPD compliant:
Map out exactly what data is recorded and which is personally identifiable information
Know where this data is stored and who has access to it (and how this access is protected)
Inform users that their data is being recorded
Make it clear that interaction with the chatbot acts as consent that customer data will be accessed and stored
Make sure interactions with your CRM and other databases are in line with user consent
Ensure you implement a straightforward way of looking up all data and deleting it in the event of a data or deletion request
Because chatbots seem less formal than taking data via a form on the website, it’s easy to fall into the trap of thinking they’re not subject to the same data protection guidelines. The reality is, they’re subject to GDPR just as any of your other interactions with consumers are.
Generally speaking, the more transparent you can be with users and the more clearly you explain things, the better. If a chatbot has access to data that a customer has previously provided on the website or by email, this needs to be explained. This also helps to avoid any spooky over-familiarity that may be experienced by the customer that can trigger privacy concerns.
AI, Big Data, Privacy, and the Future
It’s clear that GDPR is affecting the sheer amount of data that businesses can collect on their customers and users. This may impact on the development of AI alongside the growth of the Internet of Things as we move into the future.
AI and Big Data are natural companions – machines are highly efficient at processing large amounts of data and spotting trends and patterns in it. The introduction of GDPR, unfortunately, does mean that marketers are more limited in the amount of data they can collect and how they can collect and use this data.
However, it’s not all bad news. While the volume of marketing data may be restricted, the quality of this data will increase as GDPR restrictions mean that companies must pay more attention to how data is stored and accessed. Ultimately, data hygiene will become more important than ever before.
High quality data is vital for AI. As the saying goes “garbage in, garbage out” – you need to feed your AI software good information to give the algorithms the best chance of making good decisions and accurate analysis.
This also means a higher level of customer trust as companies are forced to be more transparent with their audience about how they use data, and customers experience less reluctance to hand over personal data as they know their privacy is a top priority.
If you’re using AI-powered marketing platforms, work with the developers to ensure that they’re GDPR compliant and you’re utilizing best practices when it comes to implementing them.
AI technology companies are still getting the balance right between the need for privacy and the need to collect data. In the meantime, it’s marketers’ job to ensure that data is collected responsibly and relationships with customers are strengthened to build trust. An infographic from Privacy Tiger highlighted that women are 74% more likely than men to trust Facebook over the US government.
GDPR is not the end of AI as we know it. But it is influencing its direction (in a positive way) and forcing us to think more carefully about how we use artificial intelligence in marketing and our interactions with consumers.