Today marks 39 days until the General Data Protection Regulation (GDPR) takes effect in the European Union. GDPR aims to protect EU customer data from companies. Every company, regardless of where it is located, that collects data from European customers must comply with these regulations or face violation fines. A recent study by Campaigner, an email marketing company, found that 87 percent of marketers are unaware of how this law will affect them.
This law will change the way businesses collect, store, and delete the personal data of EU residents. Companies outside of Europe will be affected by GDPR if they hold any EU resident data, even if they don’t know they possess it. Twenty-two percent of organizations polled during the Campaigner study said they were unaware that they must comply with GDPR if they have European citizen data.
“The goal of GDPR is to protect consumer data privacy and ensure that people understand how their data is being used by companies. One best practice in email marketing has always been to use unchecked boxes when asking potential subscribers if they would like to receive more information about a company,” said Seamas Egan, director of sales and marketing at Campaigner.
To become GDPR compliant, businesses need to receive permission to communicate with customers that is “freely given, specific, informed and unambiguous.” To do this, companies must add designated checkboxes during an email subscription process. Pre-ticked boxes indicating agreement need to be removed from this process, and boxes cannot be combined. Forty-nine percent of marketers still use pre-ticked opt-out boxes, which are prohibited under GDPR.
“This allows consumers to actively choose whether or not to share their personal information with a brand, which prevents companies from assuming consent. Not all email service providers currently practice this, but we expect the upcoming GDPR to help reinforce this moving forward,” said Egan.
Under GDPR, companies have to keep a record of consent for their subscribers along with how their information will be used. These regulations will help EU citizens understand how their information is being processed and utilized. Marketing language must be clear to ensure the customer knows data is being collected. Using wording like, “Yes, I agree to receive email and text communications on a weekly basis,” will help with compliance.
This new regulation also requires companies to remove all identifiable data from their databases if requested. The right-to-be-forgotten clause will ensure personal information is wiped from company archives if needed. The Campaigner study found that 53 percent of organizations aren’t confident in their personal data processing, saying they are unsure if they have explicit permission.
Companies that handle large amounts of consumer data will be required to appoint a Data Protection Officer under the new regulation in hopes of preventing cyberattacks and loss of private information. All companies will be required to report a data breach within 72 hours.
To ensure GDPR readiness, marketers should conduct an internal review of cybersecurity tools. Compliance will ensure transparency for consumers, safe cybersecurity standards, and no hefty fines. You can learn more about how to become GDPR compliant with the help of the graphic below, courtesy of Campaigner: