Since the General Data Protection Regulation (GDPR) became live on May 25 this year in the European Union (EU), those involved in marketing, online and otherwise, have had to make some serious changes to the way in which they collect, manage, store, and even erase personal data of all EU residents.
The size of your marketing enterprise does not matter. Your company, whether populated by only you or by millions of employees, must comply with GDPR regulations. However, the bigger your company, the more complicated compliance is.
Here are some things marketers need to note:
- Firstly, GDPR is actual legislation, not recommendations or suggestions. It protects the rights of all EU residents whom you employ or with whom you do business.
- Given that most businesses have an online presence, GDPR will have an effect on any companies that offer goods and services no matter where they are located. So chances are strong that these regulations involve your business.
- Personal data under GDPR is any personal information that would make any EU resident identifiable.
- GDPR is aimed at data protecting the rights of all EU residents, no matter where they live, and all those residing in an EU country when personal data is taken.
- If you can and are willing to block any traffic to your website from any EU resident, then you are not involved in GDPR compliance. Otherwise, you’d better be prepared to comply with the GDPR.
- According to GDPR, if you collect any personal data you must have that EU resident sign a consent form for personal information that could identify him/her.
- If the data is sensitive information — like race, sexual persuasion, politics, union membership, medical information, religion, or criminal proceedings — then you need explicit consent for processing this any and every time you collect it. This explicit consent means data subjects agree in writing to sharing their information and to allowing you to use it for the stated purpose.
- Data subjects can give an electronic signature for personal data processing.
- It is wise for all marketers to request consent from all data subjects, not just EU residents, any time personal data is collected. Moreover, when asking yourself: “Do I need explicit consent or not?”, one should always err on the side of treating personal data as explicit.
- You can no longer count such things as pre-ticked boxes or failure to opt out or seeking consent ‘later’ as consent.
- You need to provide data subjects with an option to opt out of data sharing at every instance of collecting personal data.
- This is the time to revisit your privacy settings. Are they GDPR compliant? If not, what needs to be done?
- Every data subject protected by GDPR has the right to be forgotten or the right to data erasure. Set up your site so opting out is easy. Make it simple for visitors to your website to delete information.
- GDPR rights guarantee all EU residents access to their personal data. They also have the right to correct, amend, add to or delete incorrect data is their personal data file.
- Remember: IP addresses are personal data that is identifiable information.
- Media sites like Facebook, Google, and Twitter consider GDPR compliance an important responsibility. They will do their utmost to be GDPR compliant.
- Data collected by your site may never be shared with another site unless you have explicit written consent of data subjects to do so.
- Be prepared for the fact that GDPR compliance will cost you money and valuable time. Also understand that failure to comply can be costly in fines and in bad press. Both of these can ruin your marketing business.
- So, are you considering a gamble? Are you thinking: I am just a little marketer? There are so many others much bigger than I. They’ll never get around to me. Sure. That MAY occur. But can you risk it? The penalties are severe!
- Are you thinking: If they ever really catch me, I can always fight it. Right again. However court costs; time and labor are major factors in your business. Also consider that the bad publicity could kill your business.