The GDPR (General Data Protection Regulation) is a new legislation passed in the European Union. As a business operating in the United States, you may not think you have anything to worry about. However, if you’re not prepared for it, you could accidentally violate GDPR policies and end up paying a hefty fine. Also, the U.S. may not be far behind in adopting this policy. In this blog, we will tell you what exactly the GDPR is, who’s affected by it, and how to become GDPR compliant.
What is it? How Does it Affect Marketing?
The General Data Protection Regulation was implemented on May 25, 2018. It is a digital privacy regulation aimed at protecting the personal data of internet users across the European Union. It is now required that companies build privacy settings into their websites, products, emails, etc. You must conduct regular privacy impact assessments, improve the way you request permission to use user data and keep a clear record of how you use personal data.
Here are three main areas you should focus on as a marketer:
Data Permission
Data permission is one of the most important aspects of being GDPR compliant. It is all about managing your email opt-ins when users give you permission to or request you send them marketing or promotional materials. You can no longer assume people want you to contact them and have users opt-out later if they decide they don’t want to receive marketing communications from you. Now, you have your get specified permission from each individual user to contact them.
Data Access
Data AccessUnder the GDPR, it is your responsibility as a marketer to ensure each of your users can access their data and take back their consent for you to use it. This is as easy as including an “Unsubscribe” link in your email marketing campaigns. Your emails should also include a link to a user profile that will allow users to manage their email preferences, giving them full control of what you may send them.
Data Focus
When collecting user data, marketers often seek more information than they need. Under the GDPR, it now requires you to prove the need for the data you’re are collecting. So, if you need not know a user’s age or gender, stop asking for it and stick with the basic contact information you need.
Who’s Affected Most?
Email Marketers
Email marketing is the core piece of lead generation for many B2B businesses. So, getting as many emails as possible is one of the main goals of an email marketer. Under the GDPR, the only way to gain user emails will be if they willingly give it to you. Scraping emails from websites or buying email lists is now forbidden and those that do it will be penalized. Don’t automatically add users to your email list and give them the option to opt-out later. Ensure each user explicitly gives you permission to collect their email address and send them marketing materials.
Marketing Automation Specialists
With the increase of chat bots being implemented on business websites, marketing automation is on the rise. Marketing automation is a powerful and convenient tool to help businesses generate more leads and turn those leads into customers quickly. However, you need to know how the GDPR will affect your strategies. For businesses that use chat bots, it is imperative you ask each user, new and returning, to collect their data. This should be your first interaction with the user. You need to tell them what you’re collecting, why you’re collecting it, and you must give each user access to their data with the ability to delete it.
If your CRM system automatically sends out emails to potential leads, you need to check your list to ensure everyone on it has opted-in to your email list. The second a user opts-out, delete them from your email list and make sure your upcoming email blast does not include said user. If not, your CRM system could automatically send emails to users that have opted-out, which would penalize you and could lead to a fine.
Public Relations Specialists
Public Relations SpecialistsThe GDPR doesn’t just apply to businesses which reach out to potential or current customers, it includes those that reach out to journalists too. Journalists must give you permission to reach out to them to promote new products or company news. Using platforms like HARO is a safe way to reach out to journalists under the GDPR. Platforms like this are used by journalists who are asking people to reach out to them. Basically, don’t reach out to anyone who hasn’t asked you to.
GDPR Checklist: What Needs to Be Done?
Audit Your Mailing List
Go through all of your mailing lists to make sure they are GDPR compliant. This means removing any users in which you don’t have a record of their opt-in. All it takes is one opted-out user receiving an unsolicited email from you to put you in violation of the GDPR. Make sure new subscribers give you consent to contact them by adding a designated check-box explaining your terms and conditions. Just to be safe, you may also want to send out an automated email to users that subscribe to confirm their subscription. Going forward, keep an organized record of all your user subscriptions. This will provide you with proof that a user willingly agreed to receive email communications from you.
Review the Ways You Collect Emails
Now that scraping and buying email lists is forbidden under the GDPR, it’s time you review the way you collect user data. Instead of scraping the internet for emails, offer something of value to users for their emails and permission to send them marketing communications. You can offer a monthly newsletter, eBooks, or a special promotion. A great way to do this is to have pop-ups on your website. You can have specific pop-ups appear on different pages of your site to segment user email lists into categories like company news, blog posts or special offers.
Understand the Data You’re Collecting
Do you absolutely need all the information you’re collecting from users? If you can’t justify your reasoning for collecting certain user data, then you shouldn’t be doing it. Make sure you’re only collecting essential data you can prove the legal need for. The only data you really need is a user’s full name, email address and sometimes their company name. Other than that, you’d be pushing the limits of what data you should or can collect.
Update Your Privacy Policy
Review the current privacy policy of your business and update it to be GDPR compliant. To do this, you must explain when and why you’re collecting user data. Tell users what type of data you will collect from them and give your legal basis for collecting said data. Ensure users have access to their data, giving them the ability to limit the data you collect and to delete their data anytime they want. Your privacy policy should use simple language so users are given a clear and concise explanation for how and why their personal data is being collected.
Becoming GDPR Compliant is Imperative
Becoming GDPR Compliant is ImperativeWhile the GDPR only affects businesses those doing business in the European Union, the US will not be far behind. Make sure all of your marketing strategies are GDPR compliant so your business doesn’t have to pay a hefty cost down the line. Here at Creative Click Media, we can help your business become GDPR compliant. We are email marketing experts and we’ll ensure your strategies align with the new privacy regulations. If you need help with your email marketing strategy, contact us today!
