Planit

GDPR: What We Gotta Do About It

Written by TJ Sanders, SEO/Content Analyst

As many of you are probably well aware, the European Union’s (EU) new data protection regulation, the General Data Protection Regulation (GDPR), went into effect in late May. You may have noticed something going on in the digital marketing sphere when brands sent emails about updating their privacy policies. But for those of you who haven’t been following, let me give a quick run-down:

The GDPR is a new regulation on data privacy and data protection for everyone who lives within the EU. It essentially determines how companies can process and use personally identifiable information. You’re probably thinking “okay, but this isn’t Europe.” You’re correct, but if you have any information on any customers or clients who live in the EU, this change affects you too.

High level: The GDPR states that anyone who collects personal data must clearly state how that data is going to be used, and consumers must actively provide consent, confirming that they’re OK with that use and are still willing to provide their information.

So all that’s fine and good, but what do we have to do about it?

  1. Add consent checkboxes on all forms. And no, they can’t be pre-checked.

     GDPR requires brands to collect consent that is “freely given, specific, informed, and unambiguous.” Does this mean all those forms offering an ebook? All those sweepstakes entries? All those general contact forms? Yes. If you’re planning to send marketing emails to those addresses, the forms have to be updated with a checkbox that says something along the lines of “I wish to receive marketing communications from this company.”

  2. Add checkboxes confirming users are cool with how you’re planning to use their data.

     Companies have to make it explicitly clear that they’re giving consumers the information they need to make an informed decision before providing consent. Adding a checkbox (again, one that isn’t pre-checked) that says something like “I consent for my data to be used based on the provided privacy policy” gives users the resource they need to know how their data is being used. And speaking of privacy policies…

  3. Make sure your legal teams have reviewed your privacy policies.

     Now more than ever, privacy policies have to explicitly state how users’ data is being used – specifically personally identifiable information. Your legal team and marketing team need to be aligned on how this information is being handled to make sure the privacy policy is up to date and accurate. While they’re at it, make sure your legal team has reviewed the new GDPR guidelines to make sure you’re compliant.

  4. Request email marketing consent for existing contacts from the EU.

     Yes, you read that right. If there’s anyone on your email marketing list who signed up via a means that would not hold up under the new regulations, your company has to contact these consumers and explicitly ask them for their consent. This email should have a clear button that says “I want to receive these emails,” as well as a clear link to access the company’s privacy policy.

Of course, remember, I am a marketer – not a lawyer. I don’t have a legal background, so there may be other ways GDPR will affect your business that are not mentioned here. I highly encourage all companies to get in touch with their legal team to understand the new GDPR regulations and create an action plan to ensure your organization is compliant.