First things first. We’re not lawyers, and what follows does not constitute legal advice. We have a vested interest in the success of our partnership and want to provide information to collectively aid us through this process.
Here are five big questions related to GDPR:
- What is GDPR?
- Does it affect our company or organization?
- How does this change the way we collect and store data?
- Does this change the way we communicate and market?
- How do we get started?
WHAT IS GDPR? The General Data Protection Regulation (GDPR)
(Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union. The European Commission intends to strengthen and unify data protection for all individuals within the European Union (EU). The European Union currently has data protection regulation that determines how personal information can be used by companies, the government, and other organizations. GDPR changes the definition of personal information and how data is obtained and used. Within GDPR, there are 99 articles setting out the rights of individuals to have easier access to the information data companies collect about them. There are also determinations of fines related to non-compliance, and responsibilities for obtaining consent and usage of personal information. This law provides greater transparency, enhanced rights for EU citizens, and increased accountability.
DOES IT AFFECT OUR COMPANY OR ORGANIZATION?
GDPR regulations apply to any company that processes EU consumer data. This is applicable no matter where the company resides or where the servers that collect the data are located. These provisions promote accountability and governance. These measures minimize the risk of breaches and uphold the protection of personal data. Compliance for GDPR does not lay at just the feet of marketers, but in all processes of data storage, collection, and usage. Thus, this will become a boardroom topic if it has not already. Additionally, companies that have “regular and systematic monitoring” of individuals at a large scale or process a lot of sensitive personal data may have to designate a data protection officer (DPO).
HOW DOES THIS CHANGE THE WAY WE COLLECT AND STORE DATA?
LAWFULNESS Not everyone that handles the personal data of individuals is the same. GDPR regulation falls within two main categories: controller and processor. A controller is an entity that decides the purpose and manner in which personal data can be used. This is your role. A processor is a person (or team) that processes data on behalf of the controller; and includes obtaining, recording, adapting, or holding personal data. GDPR requirements are different for each. In addition, the controller is responsible for and must demonstrate compliance with GDPR principles.
Bottom line: for data processing to be lawful under GDPR, companies need to identify a lawful basis for processing personal data. Companies also need to be able to document this.
HOW DOES THIS CHANGE THE WAY WE COMMUNICATE AND MARKET?
Most marketers will understand that GDPR is actually a blessing. It forces us to be responsible and better marketers. It also provides our subscribers with exactly what they want. And that’s the way we all should be marketing. Think of this as a new (albeit required) goal to only communicate with those who want to hear from us. Also, to have all data in order which can only build trust and loyalty with subscribers.
HOW CAN WE GET STARTED?
Having a full understanding of GDPR is important, as it may impact a number of facets of your business practices. The place to start is in education. While there is a myriad of articles and resources on the net, we find the information from the Information Commissioner’s Office.
Interested in learning more about how to ensure your communications are GDPR compliant? We are here to help.
