GDPR Compliance: Q&A

Posted by Patty Cisco on May 23, 2018 at 1:12 PM

With the GDPR deadline fast approaching, many businesses are wondering how it will affect them. Let’s go over some of the most frequently asked questions about the GDPR.  

What is the GDPR?

GDPR, or General Data Protection Regulation, is legislation that goes into effect May 25, 2018, and was created to protect the privacy of EU residents.

The goal of this compliance regulation is to give the consumer ultimate transparency about what information is being collected and why, and to give the consumer the choice of whether or not to share his/her data.

The other part of this legislation is that GDPR will monitor the process by which companies collect, process, store and use personal data. This means that each company must provide legal documentation for data processing practices.

Who Does the GDPR Affect?

If you control or process the data of EU citizens, even if you’re based outside of the EU, the GDPR will apply to you.

How Does This Affect Digital Marketing?

The GDPR was designed to create more transparency between organizations that collect and control data and the individuals whose personal data is being collected.

This means organizations that collect data via a form must communicate clearly what the data is going to be used for. The individual will need to give their consent and must also be told about their right to withdraw consent.

Once data is collected, these organizations can only use it and store it for specified, explicit and legitimate purposes. It also needs to be stored in a secure manner and in accordance with the Security provisions of the GDPR.

People will now be able to ask organizations at any time to correct or update their data if the information is no longer accurate.

Also, the organization is responsible for ensuring they comply with their obligations under the GDPR, which means they need to keep records to prove compliance and ensure they have policies in place governing the collection and use of that data.

What Is Marketing Essentials Doing?

As part of our commitment to GDPR compliance, we have updated our Privacy Policy.

In addition, we are committed to our clients’ privacy by following appropriate security measures and precautions, and ensuring necessary security certificates and data transfer mechanisms are in place and compliant with current regulations.

The Benefit of Becoming GDPR-Compliant

So far, the GDPR has been seen as a largely positive change by consumers in the European Union and Switzerland. In a recent survey conducted by HubSpot of consumers in the UK, Ireland, Germany, Austria and Switzerland, 90% “agreed the principles set out under the GDPR were good for consumers.”

People prefer to know what data you’re collecting on them and feel they have a right to control the use of that data. It’s a perfectly natural and legitimate sentiment that smart companies will pay attention to.

After all, truly successful marketing shouldn’t feel invasive. It shouldn’t feel like a telemarketing call that comes just as you sit down to dinner. Rather, it should feel helpful and nonintrusive. Your marketing should be something potential customers enjoy rather than endure.

While it will take some extra work on your company’s part, GDPR compliance shouldn’t be looked at as a bad thing. Rather, it’s a chance to listen to your customers and re-evaluate how to give them the best possible experience when they interact with your business. It’s an opportunity to build a relationship with your base by building trust.

It’s also a way to cut down on shady black hat marketing practices that some of the less scrupulous members of the marketing profession engage in. By becoming GDPR compliant, you’re showing customers that you don’t engage in things like buying email lists or tricking customers with confusing opt-in and opt-out practices.

Additionally, even if your company has absolutely no interaction with EU consumers that you are aware of, it’s a good idea to pay attention to the regulations and consider becoming compliant. U.S. lawmakers recently introduced a data protection bill similar to the GDPR, meaning companies that market exclusively to U.S. consumers may face similar regulations in the future. Regardless of whether the act passes, it’s unlikely this is the last time you’ll hear about data privacy regulations in the U.S.

Steps Your Business Should Take to Prepare for the GDPR

Before the GDPR goes into effect on May 25, here are some steps you can take to prepare:

  1. Educate and empower your team. Ensure that those who need to be informed of GDPR changes in your organization have been, especially decision makers. Meet with your compliance department to discuss how GDPR may or may not affect your company. If you do not have someone already assigned to the task, determine who will be responsible for compliance, such as a data protection officer (a role required for certain companies under the EU’s new regulations).
  2. Update your privacy policy. Review your privacy policy page to determine whether or not it will need to be updated to reflect the new regulations. You can use this guide to individual rights under GDPR during your assessment. The two main highlights you should pay special attention to are the “right to be forgotten” and the “right to data portability,” meaning users can request that their data be deleted or provided to them (in most cases free of charge).
  3. Simplify language and plan for data requests. When reviewing your privacy policy, make sure that in addition to complying with new data regulations, it’s comprehensible to the average reader. In other words, avoid legalese. In keeping with the updated policy, have a plan in place in case someone requests that their information be deleted or shared with them.
  4. Ask for user consent and make it easy to opt-out. Consent is key. Make it clear to users what they are consenting to when they share information on your website. For example, if a user fills out a contact form and shares their email address, that does not mean they have given their consent for you to use their email for other purposes, like a newsletter (unless you have explicitly informed them that they will be signed up for such communications and asked for their consent). Additionally, make it easy for them to withdraw consent.
  5. Audit the tools you use to ensure they’re GDPR-compliant. Any tools you use for your website or marketing efforts will also need to be GDPR-compliant. This includes things such as WordPress, MailChimp, Google Analytics, social channels and so on.
  6. Work with outside partners to become GDPR-compliant. Discuss changes with third-party providers, including your marketing agency. Ask them what they will be doing to help you comply with the GDPR. For questions specific to your business, it may also be helpful to work with an outside partner to ensure that your company is doing everything it should to become GDPR-compliant.

Marketing Essentials, GDPR and You

At Marketing Essentials, we’ve already updated our policy to safeguard the data we collect. We’re treating the GDPR as an opportunity to take a closer look at how we can best protect data and use it to provide an optimal experience for our clients and users — all while remaining transparent about what information we’re collecting.

Questions about GDPR and how it will affect your business? Contact us today.