First things first. We’re not lawyers, and what follows does not constitute legal advice. We have a vested interest in the success of our partnership and want to provide information to collectively aid us through this process. If you want true legal advice, we advise you seek out private counsel. Let’s get you prepared for the General Data Protection Regulation (GDPR) that went into effect May 25, 2018. Download guide here
Here are five big questions related to GDPR:
- What is GDPR?
- Does it affect our company or organization?
- How does this change the way we collect and store data?
- Does this change the way we communicate and market?
- How do we get started?
WHAT IS GDPR? The General Data Protection Regulation (GDPR)
(Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The European Union currently has data protection regulation that determines how personal information can be used by companies, the government, and other organizations. GDPR changes the definition of personal information and how data is obtained and used. Within GDPR, there are 99 articles setting out the rights of individuals to have easier access to the information data companies collect about them, determinations of fines related to non-compliance, and responsibilities for obtaining consent and usage of personal information. This law provides greater transparency, enhanced rights for EU citizens, and increased accountability.
DOES IT AFFECT OUR COMPANY OR ORGANIZATION?
GDPR regulations apply to any company that processes EU consumer data, no matter where the company resides or where the servers that collect the data are located. These provisions promote accountability and governance. These measures were designed to minimize the risk of breaches and uphold the protection of personal data. Compliance for GDPR does not lay at just the feet of marketers, but in all processes of data storage, collection, and usage, and thus should become a boardroom topic if it has not already. Additionally, companies that have “regular and systematic monitoring” of individuals at a large scale or process a lot of sensitive personal data may have to designate a data protection officer (DPO).
HOW DOES THIS CHANGE THE WAY WE COLLECT AND STORE DATA?
LAWFULNESS Not every one that handles the personal data of individuals is the same, and GDPR regulation falls within two main categories: controller and processor. A controller is an entity that decides the purpose and manner in which personal data can be used. This is your role. A processor is a person (or team) that processes data on behalf of the controller; and includes obtaining, recording, adapting, or holding personal data. GDPR requirements are different for each. In addition, the controller is responsible for and must be able to demonstrate, compliance with GDPR principles.
Bottom line: for data processing to be lawful under GDPR, companies need to identify a lawful basis for processing personal data, and be able to document this.
HOW DOES THIS CHANGE THE WAY WE COMMUNICATE AND MARKET?
As long as you don’t get bogged down by the hype (remember Y2K), most marketers will understand that GDPR is actually a blessing. It forces us to be responsible and better marketers—and to provide our subscribers with exactly what they want. And that’s the way we all should be marketing. Think of this as a new (albeit required) goal to only communicate with those who want to hear from us, be ever-present in true permission-based marketing, and to have all data in order which can only build trust and loyalty with subscribers.
HOW DO WE GET STARTED?
Having a full understanding of GDPR is important, as it may impact a number of facets of your business practices. The place to start is in education, and while there is a myriad of articles and resources on the net, we find the information from the Information Commissioner’s Office— the UK’s independent authority set up to uphold information rights in the public interest—to be the most credible.
Interested in learning more about how to ensure your communications are GDPR compliant? We are here to help.