GDPR? What on earth is she on about?
Which one of the following best describes you?
- GDPR? The General Data Protection Regulation in Europe? Not my territory, so not for me.
Unfortunately, I hate to burst the bubble, but if you run an online business and you have the option for people to sign up to a newsletter, freebie or anything else on your website anywhere on this beautiful planet, you best read on! I’ll keep this relatively jargon-free and easy to read.
The General Data Protection Regulation comes into effect on 25th May 2018. What is it?
The incoming regulation is much stricter than the one currently in place. As you may or may not know, the EU is already very touchy about its citizens' privacy. By replacing the current regulation with this one, it wants to give EU citizens greater control over how their personal data is used and stored.
Why is this important for your business?
The EU body looking after this regulation has expanded the territory worldwide. If your business's intention is to offer goods or services in Europe, you will be subject to the imposed penalties as well as held accountable for how and where you store EU citizens' data. Breaches and unethical practices could see you facing fines of 4% of your annual global turnover or 20 million Euro (whichever is higher). 4% might be a drop in the ocean, however, I have a slight hunch none of us
What does this ‘clear and concise language’ actually entail?
It’s all about the consent request and how you deal with the information you receive from the individual afterwards.
- You must ask everyone to positively opt in: a clear question asking them whether they wish to be added to your marketing list, with a ‘Yes’ box that is unticked by default.
- Double opt-in activated (soft opt-in is not considered as consent)
- Do you specify clearly what they are signing up for? Or is it vague or non-existent?
- Have you specified why you want the data and what you intend to do with it?
- Do you only ask for the necessary information?
- How clear is it that they can unsubscribe at any stage without implications for them?
- Consent should not be a pre-condition of service (if they are signing up for a freebie and they say no to being added to the marketing list, you still have to send them the freebie)
- If you are working with or offering content to kids up until the age of 16, you must gain parental consent
How do you manage this consent?
- Keep a record of the person giving you consent. I am sure most systems have a custom field/questions area you can add to the form; do not delete this at any stage (export a list of your contacts regularly to keep a record of this).
- If you decide to change the wording, create a completely new question, as you must also have a record of what the person was asked at the time of giving their consent.
Some extra good-practice tips
- Review your processes regularly
- If you discover a breach, notify everyone immediately and tell them how you are dealing with this
- Make it easy for people to unsubscribe from your list (believe me it helps you in the long run)
Disclaimer: I am not a lawyer and this is by no means legal advice (I binge-watched all the Silk seasons and I could probably have a good crack at it but those wigs would look horrendous on me). Check everything over with your lawyer!
I have created a handy checklist for you. If you wish to receive it and tick those boxes, sign up below!