GDPR Compliance And Your Business
No matter where your business is physically located, an online presence—a blog, an e-mail newsletter and list, a podcast, social media, a video channel, a website, and other published content—makes you part of a global network. This international access through the Internet means you and your business need to be aware of the European Union’s (EU) General Data Protection Regulation (GDPR).
What the GDPR is
The GDPR goes into effect on May 25, 2018. It is a series of regulations that govern how personal information must be handled. Lead generation, newsletter opt-ins, sales records—it doesn’t matter if the product or service is free or paid—are all to be treated with the utmost care. Client data must be protected and customers must be given multiple ways to check and delete the information a company has on them if they so desire. Personal data is any identifying information including but not limited to
• E-mail address
• IP address
• Personal preferences stored in cookies
• Phone number
• Street address or other location
According to MarTech Today’s Guide to GDPR—The General Data Protection Regulation, “the EU is aggressive about protecting consumer privacy…[and] recognizing that data can travel well beyond the borders of the EU, GDPR provides protection to EU citizens no matter where their data travels. This means that any company, anywhere, that has a database that includes EU citizens is bound by its rules. Businesses of all sizes are affected—from micro to multinational. No one is exempt.”
You can sidestep the problem by choosing to either block users from the European Union from accessing your online presence or stop doing business altogether. Klout, which routinely accessed social media data, will cease doing business on May 25, 2018. You can choose to protect privacy and adhere to the GDPR by
• Creating an easy-to-understand consent form that allows you to get written permission from anyone whose data you will have access to
• Providing a simple way for those who have previously granted permission for you to access their data to revoke their consent
• Encrypting data you collect
• Pseudonymizing individual portions of data—assigning anonymous name and location information, for instance—that can only be pieced back together with the correct key, like a closely-guarded birth date
• Setting up safeguards to alert you and your customers to a data breach within 72 hours
• Requiring parental consent for children up to age 16
How the GDPR will affect your use of Google
If you are using any Google products—analytics, AdWords, cookies, DoubleClickCampaign Manager, Tag Manager—to track the behavior of visitors to your site, especially if that data will be used to personalize ads, you must get your visitor’s permission. This is the updated Google policy:
“If your agreement with Google incorporates this policy, or you otherwise use a Google product that incorporates this policy, you must ensure that certain disclosures are given to, and consents obtained from, end users in the European Economic Area. If you fail to comply with this policy, we may limit or suspend your use of the Google product and/or terminate your agreement.
Properties under your control
For Google products used on any site, app or other property that is under your control, or that of your affiliate or your client, the following duties apply for end users in the European Economic Area.
You must obtain end users’ legally valid consent to:
• the collection, sharing, and use of personal data for personalization of ads or other services.
When seeking consent, you must:
• retain records of consent given by end users; and
• provide end users with clear instructions for revocation of consent.
You must clearly identify each party that may collect, receive, or use end users’ personal data as a consequence of your use of a Google product. You must also provide end users with prominent and easily accessible information about that party’s use of end users’ personal data.
Properties under a third party’s control
If personal data of end users of a third-party property is shared with Google due to your use of, or integration with, a Google product, then you must use commercially reasonable efforts to ensure the operator of the third-party property complies with the above duties. A third-party property is a site, app or other property that is not under your, your affiliate’s or your client’s control and whose operator is not already using a Google product that incorporates this policy.”
How the GDPR will affect your e-mail marketing list
If you have an e-mail newsletter, you should have already received permission to add people to your list. Under GDPR rules, you need to promote your newsletter to get explicit permission to add someone to your list. Signing up for a freebie no longer equals consent for additional mailings. You also need new consent forms from your European readers before May 25, 2018.
How to acquire permissions
Google provides concise how-to information for advertisers and publishers—those with blogs, websites, etc.—regarding gaining consent to meet GDPR requirements at http://www.cookiechoices.org/.
What to do now
Let Tate Design handle your copy development as you incorporate the necessary changes into your
• E-mail marketing
• Website copy writing
• WordPress blog
For more information on the new data privacy rules and their impact on online marketers and consumers, check out some links we found helpful below.
Google consent how-tos for advertisers and publishers http://www.cookiechoices.org/
Google EU user consent policy https://www.google.com/about/company/consentstaging.html
MarTech Today’s Guide To GDPR https://martechtoday.com/guide/gdpr-the-general-data-protection-regulation