On May 25th, 2018, new GDPR regulations will take effect, impacting all companies that process personal data about individuals.
What is the GDPR?
GDPR stands for General Data Protection Regulation focused on the privacy and data protection of individuals in the European Union. The law pertains to companies, organizations, or individuals that interact with or process personal data about individuals in the EU, regardless of where the company is based.
Why Does it Matter for Marketers?
With Facebook still getting flak from the resurfacing of the Cambridge Analytica data breach, Facebook is making every effort to crack down on businesses that utilize its platform. You may have already been asked to prove ownership of your business if you have an active Facebook page.
In a recent article, Facebook made it clear that marketers who advertise through Facebook’s platform are “responsible for complying with the GDPR.”
Regardless of where your business is located, if you do business in the EU or collect personal data from an individual in the EU, you must comply with these new standards.
For example, if you run a marketing agency in New York and you have clients in San Francisco and LA, but during a lead gen campaign, you collect an email from an EU citizen, you fall under this new regulation.
In short, nearly every digital marketer will be required to make their agency GDPR compliant.
But, don’t worry! We’re here to help.
What do I need to do?
If you’re collecting or processing data on behalf of your clients, ensure your client’s legal documents clearly state how an individual’s data is used.
2. Include a Terms of Service and Privacy checkbox
Get the code (for Angular):
View it in action here:
You also can no longer treat opt-ins to free content as an opt-in to your general marketing/email list. People need to give explicit consent to get emails from you in order to market to them using the data you gained.
3. Only Process Data necessary for the Service you Explicitly Provide
Essentially, if you collect data from users and they agree to your terms of service (TOS), you can only use their data in ways explicitly described in the TOS.
For example, say you currently collect basic profiling information from individuals for one of your clients, and the terms of service state that the data is collected to send customized email newsletters.
Two weeks later, you decide you want to use that data for retargeting ads, or you send the data to a third-party provider for audience profiling. This violates the GDPR and requires you to obtain users’ consent to an amended TOS before using the data that way.
4. Users must have a Way to Withdraw Consent
If an individual decides they no longer want you to have access to their data, or they no longer want you processing their information, you must give them a clear way to opt out.
This is generally included in any form of email marketing, but you should keep this in mind when using an individual’s data in any other way.
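The three rules above (a separate, unchecked consent checkbox; use of data only for the purposes stated in the TOS; and a way to withdraw consent) map cleanly onto a small consent model. The following TypeScript is an added example written for this article, not the Angular snippet the post links to, and the purpose names, the TOS version string and the email address are constructed placeholders. It is framework-agnostic so an Angular form component could call into it, but it runs on its own.

```typescript
// Added example (not the article's Angular code): a minimal consent record
// that keeps each purpose separate and ties consent to a TOS version.

// Hypothetical purpose names for this example; a real deployment would use
// whatever purposes its own Terms of Service actually describe.
type Purpose = "service" | "newsletter" | "retargeting" | "third_party_profiling";

interface ConsentRecord {
  email: string;
  tosVersion: string;   // the TOS the user actually agreed to
  purposes: Purpose[];  // only the purposes the user explicitly ticked
  grantedAt: string;    // ISO timestamp kept for audit purposes
  withdrawnAt?: string; // set once the user opts out
}

// State of the sign-up form. Every consent box starts unchecked, so a
// user must act to grant anything (no pre-ticked boxes).
interface FormState {
  acceptedTerms: boolean;
  acceptedPrivacy: boolean;
  wantsNewsletter: boolean; // separate opt-in, not implied by the TOS box
}

function defaultFormState(): FormState {
  return { acceptedTerms: false, acceptedPrivacy: false, wantsNewsletter: false };
}

// Returns the list of blocking errors; an empty list means the form may submit.
function validateForm(state: FormState): string[] {
  const errors: string[] = [];
  if (!state.acceptedTerms) errors.push("You must accept the Terms of Service.");
  if (!state.acceptedPrivacy) errors.push("You must accept the Privacy Policy.");
  return errors;
}

// Builds the record that would be stored server-side. The base "service"
// purpose comes from accepting the TOS; marketing email is added only when
// its own checkbox was ticked.
function buildConsent(email: string, state: FormState, tosVersion: string,
                      now: Date = new Date()): ConsentRecord {
  const errors = validateForm(state);
  if (errors.length > 0) throw new Error(errors.join(" "));
  const purposes: Purpose[] = ["service"];
  if (state.wantsNewsletter) purposes.push("newsletter");
  return { email, tosVersion, purposes, grantedAt: now.toISOString() };
}

// Purpose limitation: a use is allowed only if consent is still active, was
// given against the current TOS, and covers that specific purpose. An amended
// TOS therefore forces fresh consent before any processing continues.
function isUseAllowed(record: ConsentRecord, purpose: Purpose,
                      currentTosVersion: string): boolean {
  if (record.withdrawnAt !== undefined) return false;
  if (record.tosVersion !== currentTosVersion) return false;
  return record.purposes.indexOf(purpose) !== -1;
}

// Withdrawal: keep the original record for audit, but mark it withdrawn so
// every isUseAllowed check fails from this point on.
function withdrawConsent(record: ConsentRecord, now: Date = new Date()): ConsentRecord {
  return { ...record, withdrawnAt: now.toISOString() };
}
```

Storing the TOS version alongside the consent is what makes the "amended TOS" case from step 3 mechanical: bump the version, and every existing record stops authorizing processing until the user agrees again.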
What if I don’t Comply?
Failure to comply with the GDPR can result in significant fines — up to 4% of global annual revenue for certain violations.
If you’re unsure if your company needs to be GDPR compliant, it’s always better to err on the safe side.