May 15, 2018 will be an important date for every online business and digital marketer. On this day, the European Union’s General Data Protection Regulation (GDPR) will come into effect and forever change our concept of data collection and privacy in the online environment.
What Are the Key Changes Brought Forth by the GDPR?
Under the GDPR, European citizens, as well as citizens of Norway, Switzerland, Iceland and Liechtenstein (which are not EU Members), have more control over the following:
- Giving and withdrawing consent for the collection of their personal data,
- Enforcing their right to inspect their personal data collected by various companies, and
- Demanding that companies delete their personal data.
These changes aim to reduce abuse in the practice of transferring personal data to third parties for marketing purposes and to establish a fairer balance in the relationship between internet users and the businesses that collect their data.
Does the GDPR Apply to Companies Outside the European Union?
So far you have heard about how European Union citizens will receive better protection for their personal data. But how does the GDPR impact a business outside the EU territory? It applies to any company that collects personal data from people living in the European Union. Thus, unless you make your website and marketing messages unreachable by EU citizens, your company must comply with the GDPR.
How Does the GDPR Impact Your Digital Marketing Strategies?
The GDPR obliges companies to audit their digital marketing practices and strategies and make them safer and more user-friendly for regular people. Below we’ll talk about some of the ways in which the GDPR will impact your small business and its online marketing strategies.
- Everyday Language in Terms and Conditions
The GDPR obliges companies to rephrase their terms and conditions into simple, clear, everyday terms which any user can understand. The key principle behind this change is that people should not have to give their consent for something they do not comprehend.
- Active Opt-Ins and Cookie Policies
Under the GDPR, the term "personal data" takes on a very broad meaning. It includes not just a name, email address or phone number, but also avatars and usernames, location data (IP address) and identifiers in cookies.
- Each Type of Data Processing Requires a New Consent
Until now, it has been implicit that by signing up for a newsletter, a user agreed to receive other marketing messages or have their private data used for statistics, surveys, etc. Under the GDPR, this is no longer implied.
Whenever a company wants to use personal data for a purpose other than the one for which it obtained consent, it has to ask again for the person’s consent. This also applies to third-party data collectors and processors.
- Re-obtaining Consent from Existing Users
It is likely that your company already has contacts from Europe in its list of subscribers or customers. Before May 15, you should contact all of them and request that they actively express their consent for receiving emails and being targeted by other types of online marketing messages.
- Notifications in Case of Data Leaks and Hacking
If your servers are hacked and your customers’ personal data are leaked or accessed by unauthorized persons, you are obliged to notify all your EU-based customers within 72 hours of this occurrence, as well as the authorities.
The GDPR seems to make life harder for small businesses, but in fact, it makes sense in light of the global trend that is demanding companies be more responsible and transparent in collecting and using personal data. In the long run, this will help your company become more reliable and trustworthy in its relationship with customers.