You have probably heard about the General Data Privacy Regulation (GDPR) that goes into effect on May 25, 2018. The European Union's (EU) new legislation will have a huge impact on the way global marketers approach work, as well as how organizations obtain, store, and manage personal information and sensitive data of all EU citizens.
It is important that you and your company are compliant with the new standards of data collection, protection, retention, and deletion.
Disclaimer: In no way is the following legal advice for you or your company to use in complying with EU data privacy laws like the GDPR. This blog provides background information to help you better understand laws like the GDPR. This is not the same as legal advice. We insist that you consult an attorney if you would like advice on your interpretation of this information or its accuracy, especially in regards to your company.
TL;DR: Do not rely on this as legal advice, or as a legal recommendation.
What Is The GDPR?
The GDPR is the EU’s new data protection law. It replaces the previous 1995 data protection directive (on which the current law is based) and applies to all EU citizens regardless of where they are living or visiting. After May 25, 2018, companies will be more accountable for their handling of people’s personal information. In addition, consumers will have a lot more power to access their own information that is being held by a company.
In other words, everyone will have the right to get confirmation that an organization has their information, as well as access to this information, and the option to ask to permanently delete this information.
The biggest difference in the GDPR versus previous regulations is that if you are found in violation you can be fined. If a company doesn’t process a consumer’s data in the correct way, it can be fined. If your company requires a Data Protection Officer but does not have one, you can be fined. If there is a security breach, you can be fined… and so on…
How Does GDPR Affect Inbound Marketing?
The legal framework of the GDPR will have profound implications in how marketers manage their relationship with prospects and customers.
Under GDPR, a contact needs to be informed, at the time they submit it, that their data will be stored and used by a company. Consent has to be concrete and given specifically, and the consumer must be informed of their right to consent. Best practice is for your company to use clear legal language that is easily understood.
Another step is to give consumers the option to look at the data that you have collected about them. In addition, after they have looked at their data, they need to have an easy-to-follow way to opt out of all further data and even delete their entire record if they so wish.
What Can I Do to Remain GDPR Compliant?
It is very important that your company remain GDPR compliant. Failure to remain compliant can result in very hefty fines. Best practice would be to put a person in charge of data compliance with regard to GDPR guidelines.
Regardless of whether you think the GDPR directly affects your marketing efforts, the bottom line is that it does, and it certainly will in the future if (and when) similar procedures are implemented in the United States.