The GDPR is a new regulation on data privacy and data protection for everyone who lives within the EU. It essentially determines how companies can process and use personally identifiable information. You’re probably thinking “okay, but this isn’t Europe.” You’re correct, but if you have any information on any customers or clients who live in the EU, this change affects you too.
High level: The GDPR states that anyone who collects personal data must clearly state how that data is going to be used, and a consumer must actively provide consent that they’re OK with that, and are willing to provide their information regardless.
So all that’s fine and good, but what do we have to do about it?
- Add consent checkboxes on all forms. And no, they can’t be pre-checked.
GDPR requires that brands need to collect consent that is “freely given, specific, informed, and unambiguous.” Does this mean all those forms offering an ebook? All those sweepstakes entries? All those general contact forms? Yes. If you’re planning to send marketing emails to those addresses, the forms have to be updated with a checkbox that says something along the lines of “I wish to receive marketing communications from this company.”
- Add checkboxes confirming users are cool with how you’re planning to use their data.
- Make sure your legal teams have reviewed your privacy policies.
- Request email marketing consent for existing contacts from the EU.
Of course, remember, I am a marketer – not a lawyer. I don’t have a legal background, so there may be other ways GDPR will affect your business that are not mentioned here. I highly encourage all companies to get in touch with their legal team to understand the new GDPR regulations and create an action plan to ensure your organization is compliant.