The EU General Data Protection Regulation (GDPR) is a ruling intended to protect the data of citizens within the European Union. The GDPR is a move by the Council of the European Union, the European Parliament, and the European Commission to provide citizens with a greater level of control over their personal data.
After several years of refining and debating, the regulation was officially approved by the European Parliament on April 14, 2016. As of May 25, 2018, heavy fines will be levied against any business that does not meet the guidelines set forth by the GDPR. The GDPR has far-reaching implications for all citizens of the European Union and businesses operating within the EU, regardless of physical location. If businesses offer goods or services to citizens of the EU, they will be subject to the GDPR. In addition, any business that holds personal data of EU citizens can be held accountable under the GDPR.
Any company with employees located in the EU is obligated to comply. Whilst those companies with under 250 employees have considerably fewer obligations to consider, businesses still need to evaluate their processes in line with the requirements outlined. Voluntary groups, member clubs and charities also need to wise up and may have a few organisational changes to make too.
The regulation specifies the entities that will be impacted by the GDPR. The wording specifically includes data processors and data controllers. This means information that is stored in a “cloud” or in a separate physical location is still subject to penalties. Regardless of who has determined how your information will be used and who actually uses it, fines can still be imposed for misuse.
Email marketing under GDPR essentially means that, as an email marketer, you need to collect freely given, specific, informed and unambiguous consent. To achieve compliance, you have to adopt new practices:
– New consumer opt-in permission rules.
– Proof of consent storing systems.
– A method through which consumers can ask for their personal information to be removed.
Even though the European regulation changes the marketing landscape, it is still possible to do email marketing. To help you accomplish your email marketing objectives, we have put together this GDPR checklist of measures for your reference:
A – Take an audit of your current database.
Do you know geographically where your contacts are?
Do you capture an audit trail of consent?
B – Know your contacts and how you acquired them.
Do you keep track of when and where your contact information is coming from?
How did they end up in your database?
C – Review and disclose your data practices.
Do you ask for consent at the point of collecting the data?
Whilst the thought of GDPR might be daunting, it is a good thing for you as an individual and therefore better for your business. Times have changed, and the way we use personal data needs to improve. Customers will approve if you adhere to the new rules and don’t abuse their personal information. Our recommendation is to take action today and ensure you are GDPR compliant by 25th May 2018.
Remember, even if they are existing clients or customers, you will need their consent. If you don’t have it by the deadline, then you won’t be able to process their data, and that includes deleting it. In that situation, it will be illegal for you to hold it or to get rid of it: a real catch-22.
The only exception is transaction data, taken from your eCommerce website for example. This has to be held for a minimum time period.