The implementation of the GDPR (General Data Protection Regulation) on May 25, 2018 means big changes to marketing practices worldwide. GDPR is a European Union (EU) law that protects how an individual’s personal information is gathered, stored, and used. If a business fails to comply with GDPR, it could face fines of up to 4% of the company’s annual global turnover or €20 million, depending on the severity of the violation.
In addition to EU-based businesses, non-EU businesses are affected by GDPR. Non-EU businesses must comply with GDPR if the company collects or processes data of EU residents or provides paid or non-paid goods and services to EU residents. It is important that all businesses comply with GDPR in the event that an EU resident visits an American website.
The requirements for GDPR include explicit consent from individuals regarding data collection. The explicit consent must be easy to understand and explain why the data is being collected and how it will be used. Additionally, businesses are required to report data breaches to the appropriate supervisory authority within 72 hours, and inform individuals if the breach directly harms them.
Google Analytics:
Make the data anonymous and inform individuals of cookie usage before entry to the website.
Remarketing Ads, Tracking Pixels, or Cookies:
Obtain informed consent immediately from users when they visit your website.
Email Marketing:
Use a checkbox for visitors to consent to the information they are about to subscribe to. If you are currently using Constant Contact, here is an email template you can use for your current contacts: GDPR email template
Affiliate Links and Display Ads:
Obtain informed consent for cookie usage when users visit your website.
Comments:
Use a checkbox for visitors to consent, and inform them that your website will store the comments and information relating to the comments, such as the date and the computer’s IP address.
Product Sales:
Obtain consent if selling to an EU resident and inform them that only necessary information will be collected and how that information will be used.
By following these tips and guidelines, you can avoid fines and guarantee your business complies with GDPR. If you would like us to audit your website, or if you have any additional questions, please contact us.