Here’s the deal on data.
On May 25th, the new General Data Protection Regulation (GDPR) law goes into effect. GDPR is a new law made by the European Union to enforce advertiser accountability and protect user privacy. It gives users more control over their personal information and knowledge of how their data is being used.
What does GDPR mean for your business?
Currently, the law applies to those who do transactions with anyone in the EU’s 28 countries or the UK. If you have communications or trades with users in any of these locations, it’s time to make sure you are compliant with GDPR.
Even if GDPR is not a concern for you right now, read on. Transparent data practices are worth your time: they make engagement with your audiences more authentic and keep your marketing practices ethical.
What counts as “data”?
Data includes names, emails, phone numbers, photos, IP addresses, locations, income and other information connected to a user’s identity. Marketers collect this data to better serve their audiences.
How to comply:
Organize your data
If you are ever asked to provide data to a user, the new law requires that it be provided within one month and at no charge. It’s therefore a good idea to proactively organize all your data so that if necessary, you can supply it to the user in a timely and cost-efficient way.
Implement a Privacy Policy
Publish an up-to-date Privacy Policy, linked from your website and your email signup forms, that explains what data you collect from users and what you do with it. Your privacy policy should include the option for users to have their personal data removed from your records.
Have a cookie policy that specifies what you collect and why. Be sure to cover third-party links as well.
Secure your data
If your website doesn’t have an SSL certificate yet, we highly recommend getting one so that traffic is served over HTTPS, both for security purposes and for good rankings on search engines.
Affirm Consent
Opting in is more ethical (and more fun) than opting out. Allow people to “positively opt in” with an unchecked check-box (not a pre-checked one). This principle is called “affirmative consent,” and it means that permission is required before a person is added to a list or targeted with ads.
Expand the process with a double opt-in tactic such as an email confirmation. This helps weed out sign-ups that were not made by the real owner of the address and serves as evidence of consent.
Make unsubscribing uncomplicated. Eliminate the small print here. Permission has to be 100% explicit.
For email and payment processing tools, choose providers that cover GDPR.
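As an added illustration of the opt-in steps above (not code from the original post), here is a minimal signup flow: the consent box must be ticked by the user, the confirmation link carries an HMAC-signed, time-limited token so only the address owner can complete the double opt-in, a consent record (time, policy version) is kept as evidence, and unsubscribing is a single call. The secret key and the timestamps are constructed values; a real deployment would load the key from configuration.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Assumption: a per-deployment secret loaded from configuration (constructed value here).
SECRET = b"constructed-demo-secret-do-not-reuse"
TOKEN_TTL = 24 * 3600  # confirmation links expire after one day


def make_token(email: str, issued: int) -> str:
    """Confirmation token: email|issued|HMAC-SHA256 over the first two fields."""
    sig = hmac.new(SECRET, f"{email}|{issued}".encode(), hashlib.sha256).hexdigest()
    return f"{email}|{issued}|{sig}"


def verify_token(token: str, now: int) -> Optional[str]:
    """Return the email if the token is authentic and unexpired, otherwise None."""
    try:
        email, issued_s, sig = token.rsplit("|", 2)
        issued = int(issued_s)
    except ValueError:
        return None
    expected = hmac.new(SECRET, f"{email}|{issued}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected) or now - issued > TOKEN_TTL:
        return None
    return email


class MailingList:
    def __init__(self) -> None:
        self.pending: Dict[str, dict] = {}  # signups awaiting email confirmation
        self.consent: Dict[str, dict] = {}  # confirmed subscribers with consent evidence

    def signup(self, email: str, box_ticked: bool, policy_version: str, now: int) -> str:
        # The box starts unchecked and the user must tick it; a pre-ticked box is not consent.
        if not box_ticked:
            raise ValueError("user must tick the consent box")
        self.pending[email] = {"requested_at": now, "policy_version": policy_version}
        return make_token(email, now)  # goes into the confirmation email, not onto the list

    def confirm(self, token: str, now: int) -> bool:
        email = verify_token(token, now)
        if email is None or email not in self.pending:
            return False  # forged, expired, or already-used link
        record = self.pending.pop(email)
        self.consent[email] = dict(record, confirmed_at=now)  # evidence of consent
        return True

    def unsubscribe(self, email: str) -> bool:
        # One step, no small print: drop the subscription and any pending request.
        removed = email in self.consent or email in self.pending
        self.pending.pop(email, None)
        self.consent.pop(email, None)
        return removed
```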
Understand Who Does What
Appoint a Data Protection Officer: a new person on your team who manages all data practices for your company according to GDPR’s requirements.
Data controllers handle personal data, manage consent and enable the right to access. Facebook is a prime example. The company is now (smartly) making it easier for people to have control over their own data and being transparent about how advertisers handle it.
Data processors are those who process personal data on behalf of data controllers: a person, agency, public authority or other entity that handles personal data for the controller.
What else to know right now:
Facebook Pixel has new GDPR requirements.
Google Analytics does, too.
Failure to comply will result in fines of 4% of global annual revenue or 20 million euros (whichever is higher).
Further, GDPR is sure to have a ripple effect on data practices across the globe. It offers an opportunity to get organized and be fully transparent. After all, building trust with your customers is what will keep them coming back.
Need some help getting up to snuff with GDPR? Let’s talk.