Coming in May 2018, GDPR completely changes the way EU-based companies and corporations must market and promote their products online as they collect data from consumers. But it also changes how U.S. businesses must operate.
What is the GDPR?
The European Union’s General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years.
It will replace the Data Protection Directive 95/46/EC on May 25, 2018, and become the primary law that regulates how companies collect and use citizens' personal data online. If you are in compliance with the old legislation, you will need to make sure you also meet the requirements of the new law. Otherwise, you could face heavy fines and penalties. The new legislation will apply to each member state of the European Union.
Some of the most important changes include:
- Gaining consent from all people whose data will be processed
- Protection of privacy through anonymizing collected data
- Requiring notifications when data is breached
- Requiring certain companies to appoint a data protection officer to oversee GDPR compliance
The goal of the new law is to set a standard for all companies that handle EU citizens' data, which should provide a better safeguard for the data during its collection and processing.
But I’m located in the U.S., why does this matter to my business?
Any U.S. business that markets its products online will need to comply with the updated legislation. That's because Article 3 of the GDPR says if you collect personal data from someone in an EU country, your company is subject to the requirements of the GDPR. The EU citizen must be in the EU at the time of data collection. If they are outside the EU when data is collected, the GDPR wouldn't apply.
If you are collecting any data online, this means you'll want to prepare for GDPR, just in case an EU citizen uses your website from inside the EU and you collect data from them.
So, what do I have to do to prepare for GDPR?
Now that you know that GDPR may affect you, how can you comply with the legislation? The key is consent. If you are collecting people's email addresses or other information, you have to get their consent. That consent must be freely given, specific, informed, and an unambiguous indication of the person's wishes.
If your company is collecting any type of information and data, such as when adding people to your email list, the person has to give consent to be on that list. Always explain what the information will be used for, and don't ask for more information than you will be using. In other words, don't collect data you don't need. If you're building an email list, you don't need individuals' phone numbers.
When you process that data, it has to be done lawfully, fairly, and with transparency. If you're storing data, you must store it only for as long as necessary to fulfill the purpose for which you collected it. Additionally, the data collected must be secure, and people must be able to erase or rectify their data.
Things to keep in mind in light of the GDPR change:
- You should not purchase email lists
- You should not accept email lists from third parties such as conference attendee lists, trade shows, or industry lists, or any email address whose owner did not expressly consent to your use of it by opting in directly on your website.
- You should remove all email addresses that were obtained from any source other than a double opt-in by the person on your site.
- Companies that try to sell you email addresses, lists, and the ability to directly email their list are fraudulent.
- Here is a list of services you should never spend money on in marketing: 5 Kinds of Marketing to Never Buy
This law goes into effect May 25th, 2018 and will be a big deal for businesses that collect data online. It also changes how marketing will be done. But it's not a bad thing, especially if you are invested in relationship marketing and already work hard to serve your customers to the best of your ability.
This makes the data-collection process easier for customers to understand and offers transparency online for all. If you're not already doing so, we highly recommend ethical business practices for all: always let your audience know why you want their data and what you will do with it.
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. We want to ensure you're ready for the change. If you have any questions, please let us know.
Disclaimer: NOW Marketing Group is not offering legal advice. Should you have questions or concerns on how GDPR would affect your business, please speak to your legal representation.