GDPR — everyone is talking about it, but what does it mean?
Let's start with the basics.
The Technical Stuff
GDPR has finally been approved to replace the Data Protection Directive 95/46/EC, after four years of preparation. The Directive was established back in 1995, and the world as we know it has changed drastically since then. GDPR is set to continue to protect the privacy of the citizens of Europe while decreasing the number of data security breaches across the Union.
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. - EUGDPR.org
Why Does GDPR Matter to You?
Put simply, heavy fines are in place for those who are not in compliance with the regulation.
GDPR will go into effect on May 25 of this year. This regulatory update aims to enhance the personal protection of citizens online, which also affects how we are able to market to them. There are increasingly strict obligations when collecting information and contacting visitors online.
Who is Affected?
Being a European regulation, GDPR will directly affect all business entities within Europe. But that does not mean that we are in the clear here in the United States. Non-European businesses that market to or monitor the behavior of users in Europe are also affected by this regulation.
If your website and/or digital marketing content reaches Europe, you must follow the rules.
GDPR breaks down into a few different categories:
With this given consent, the user is agreeing to be contacted in the future for the specific instances outlined and agreed upon (ex: marketing emails, sales calls, blog subscription updates).
If you wish to contact existing customers, you are in the safe zone. You are able to send performance metrics and/or bills to your customers alongside helpful and truly useful information to enhance your customer relationship.
Note: It must be easy to OPT-OUT of all communications. Each email sent will have to include links to unsubscribe and to withdraw consent for previous subscription preferences.
Your website must give notice that cookies are being used to track and monitor behavior and store data (you have likely seen this in the past but this will become increasingly apparent).
Cookies have always been a treat for marketers because we are able to store data on users who are both new and returning and gain immense insight into who they are and how they are interacting with our website.
Access to Information
- Acquisition: Users have the right to request access to the information that you have stored about them already. In this instance, you must provide the requester with a copy of the data.
- Deletion: This one is new to most of us — users are able to request the deletion of all data you have acquired and stored about them. Upon receiving this request, you must respond to the individual user within 30 days and permanently remove their contact and communication records (limited circumstances apply here).
- Modification: Users may also request to modify incorrect or incomplete data that has been acquired about them.
This is a brief summary of GDPR, but keep in mind that you will have to make sure you are in complete compliance before May 25. If you are a HubSpot user, take a look at the GDPR Product Readiness page to see how you can make these changes within your portal. If not, EUGDPR has put together a list of resources as well.
Note/Disclaimer: this blog is intended to provide a broad overview of GDPR for informational purposes only. It does not constitute legal advice regarding GDPR compliance, and should not be interpreted as such. If you need legal advice about GDPR compliance, we STRONGLY recommend that you speak to an attorney.