What is the GDPR?

The GDPR (General Data Protection Regulation) is a European regulation aimed at protecting the personal data of EU citizens; it entered into force on May 25, 2018.

In the new legislation, the term “personal data” refers to any data that relates to an identifiable natural person. Therefore, email address, profession, age and gender fall under the definition of “personal data” for the purposes of the GDPR.

What is the purpose of the General Data Protection Regulation?

Some of the main concerns people have, and which the GDPR aims to address, are:

  • Who has access to my personal data?
  • Is my information accurate?
  • Is my data stored without my permission?

The GDPR aims to put EU citizens back in control of their personal data.

Because there were different local laws in the EU, the GDPR helps to simplify data protection laws so that they are consistent across the EU.

The regulation applies to any business, whether European or not, that handles the personal data of any European customer.

Some merchants, bloggers, and e-commerce owners are still unaware of the consequences of this new law, which includes, among other things, particularly high fines against any organization that violates its guidelines.

Others, on the other hand, are aware of the risks but do not know what measures they must take to comply with the regulations.

What does the GDPR mean?

The regulation establishes new rights for users (people whose personal data is being processed), as well as new responsibilities for the organizations and/or people who process this data.

These are the main points you should know:

  • The definition of personal data has been expanded to include anything that allows you to identify a person.
  • The law reinforces the protection and rights of a person in relation to consent and access to their personal data.
  • Service providers and subcontractors (such as cloud software services) may be liable.
  • Companies must clearly communicate to their customers how they will use their personal data.
  • Companies must also be transparent about the rights that customers have to request the restriction of access, rectification, or deletion of their personal data.
  • Customers should be able to easily withdraw consent to access their data and request deletion of their data as soon as possible.
  • Companies must implement preventative measures to protect customer data.
  • Businesses must inform customers of any data breaches or leaks that may have occurred.
  • If a company is found to be in breach of the GDPR, it can face fines ranging from 2% to 4% of its revenue and can reach up to €20 million for the most serious violations.

The impact of GDPR and other privacy laws on email marketing


The main thing to keep in mind about GDPR and other privacy laws is that there is a legal way to get subscriber consent and it is called OPT-IN.

This means that companies must obtain consent for the processing of personal data, which is free, specific, informed, and unambiguous.

Points to consider when obtaining consent for the use of personal data:

  1. Companies will need to ensure that they show proof that a contact has consented to their data being processed.
    You can only legally use contact lists that are 100% opt-in, and only if you can prove that those contacts actually consented to your use.
  2. The registration process must inform subscribers about the company that is collecting consent and provide information about the purposes of collecting personal data.
  3. Under this definition of opt-in, you will no longer be able to use email addresses you have collected through a permissionless registration or passive opt-in process.
  • Passive opt-in: Do not use pre-ticked boxes or any other default consent method.
  • Permissionless registration: The process of adding customers to a contact list without their consent after they signed up for a different service.
  • Opt-in: the process of collecting information from a contact in which the contact freely and voluntarily gives their consent for the processing of their personal data. This usually takes the form of a box that the contact must check.

GDPR preparation tips:

Most companies are somewhat lost because there is no clear explanation of the most effective way to comply with the GDPR principles.

What we recommend is that you start with the following measures:

Assess if your current email lists are GDPR compliant

Are your lists GDPR compliant? To find out, ask yourself these 4 questions:

  1. Have your contacts consented to receive your emails through a subscription form?
  2. Did they give you their consent for the specific purpose for which you are using their data? For example, if they only signed up to receive an eBook, you won’t be able to send promotional emails.
  3. Did you keep accurate and secure records of all subscriptions you received?
  4. The law establishes that minors under 16 years of age need parental consent. Can you identify the minors on your list who did not provide parental consent?

If you’re not sure that you have permission from your contacts, or if you cannot prove that every contact on your list opted in, you may need to reconfirm your contacts’ consent.

And very important: always give them the option to unsubscribe so they can (whenever they want) stop receiving your emails.
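A constructed consent ledger (an added example, not code from the original post) that applies the opt-in points above and the four list questions: it refuses passive consent, scopes consent to the named purpose (an eBook signup does not cover promotions), records withdrawals instead of deleting history, flags addresses with no recorded opt-in for reconfirmation, and exports the event trail as proof. Class and method names are assumptions for illustration.

```python
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
import json

# Constructed example: every opt-in and withdrawal is an append-only event,
# so for any address and purpose there is a record to show as proof.


@dataclass(frozen=True)
class ConsentEvent:
    email: str
    purposes: tuple      # what the contact agreed to, e.g. ("ebook",)
    source: str          # form or page where consent was collected
    kind: str            # "opt_in" or "withdraw"
    at: str              # UTC timestamp, ISO 8601


class ConsentLedger:
    def __init__(self):
        self._events = []

    def record_opt_in(self, email, purposes, source, box_ticked_by_user):
        # A pre-ticked box or a default setting is passive consent, not opt-in.
        if not box_ticked_by_user:
            raise ValueError("consent must be an explicit action by the contact")
        if not purposes:
            raise ValueError("consent must name the specific purpose(s)")
        self._events.append(ConsentEvent(email, tuple(purposes), source, "opt_in",
                                         datetime.now(timezone.utc).isoformat()))

    def withdraw(self, email, purposes=None):
        # Withdrawal is recorded, never deleted, so the history stays provable.
        if purposes is None:  # unsubscribe from everything ever consented to
            purposes = {p for e in self._events if e.email == email for p in e.purposes}
        self._events.append(ConsentEvent(email, tuple(purposes), "", "withdraw",
                                         datetime.now(timezone.utc).isoformat()))

    def may_contact(self, email, purpose):
        # The latest event for this address and purpose decides; none means no consent.
        allowed = False
        for ev in self._events:
            if ev.email == email and purpose in ev.purposes:
                allowed = ev.kind == "opt_in"
        return allowed

    def proof(self, email):
        # The evidence to produce on request: every event for this address.
        return json.dumps([asdict(e) for e in self._events if e.email == email])

    def needs_reconfirmation(self, contact_list):
        # Addresses on a list with no recorded opt-in at all should be reconfirmed.
        known = {e.email for e in self._events if e.kind == "opt_in"}
        return sorted(c for c in contact_list if c not in known)
```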

Make sure you respect the rights of your customers


Are the procedures you use to give users access to their own personal data up to date?

Here are some tips:

  1. Take another look at your NDA and make sure users are clearly informed about how you plan to use their data.
  2. Establish a simple procedure (set up a form, a contact page, or a link in your newsletter) that makes it easy for contacts to request a copy or modification of the registered personal data.
  3. Establish a process so that users can easily refuse to have their data used for profiling or automated decisions.

Make sure your work tools comply with the GDPR

The new law imposes a common responsibility on companies and their service providers.

To avoid being penalized because one of your work tools does not comply with the GDPR, you must do the following:

  • Make a list of all cloud services that host your customers’ personal data on their servers.
  • Ask them if and how they comply with the GDPR.
  • Re-evaluate your relationship with any tools that do not comply with the new law.