The General Data Protection Regulation (GDPR) is a new regulation under European Union (EU) law that aims to provide data security and privacy to all EU citizens and give them control over their personal data. Adopted on April 14, 2016, it is meant to replace the 1995 Data Protection Directive. It applies to any and all companies that handle the data of EU residents, even if the company itself is not based within the EU.
Enforcement of the GDPR started on May 25, 2018. Since it is a regulation—not a directive like the 1995 version—it does not require enabling legislation from national governments. This means it is directly binding and applicable.
Does your organization deal with user data as part of its regular business operations? Then you need to ensure your company is compliant with the GDPR by reviewing this GDPR compliance checklist.
Under the principle of data minimization defined in Article 5 of the GDPR, you can only collect and store data that is absolutely necessary for you to render your service.
If your business is holding any consumer data that you don’t need, inform your users and give them the option to have their personal data deleted from your system.
Article 7 of the GDPR states that a company must be able to demonstrate that subjects have consented to the processing of their personal data. Consent may be given via a written declaration and users have the right to withdraw consent at any time should they choose to do so.
The GDPR is retroactive, so it applies to customers you got in the past as well as those who become customers after the regulation comes into effect. This means that in order to comply with GDPR requirements, you must get the consent of your entire customer base. Prepare a GDPR consent template and consider the following:
1. Verify that you have your customers’ consent.
Check whether your customers have been fully informed about the collection and use of their personal data, and whether they have consented to it in writing.
If you don’t have their consent, move on to the next step.
2. Execute an opt-in campaign.
An opt-in campaign is simply asking your customers for consent to the collection and storage of their personal data, which must be given in writing under GDPR rules.
One way to do this is to send your customers an email asking for consent, with “I agree” and “I disagree” buttons that they can click according to their choice.
Even if you already have prior consent from your customers, it’s still helpful to your company to ask for it again. That way, you cover your bases with the GDPR and increase your customer engagement at the same time.
One of the goals of the GDPR is to give users control over their data. This is made apparent in Article 15 of the new regulation, which states:
“The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data…”
In terms of user control, your company can be GDPR-compliant by restructuring its data protection policy template to include the following stipulations.
It needs to be easy for your customers to unsubscribe from your mailing lists or any other offers. Simplify the process by making “Unsubscribe” buttons or links highly visible, since obscuring them from customers could result in hefty fines.
Customers should have the right to edit or delete their personal data at any time. If customers choose to have their data deleted, it should be removed from your systems permanently. Otherwise, your company could face not only financial penalties, but legal ramifications as well.
Article 15 of the GDPR explicitly states your customers have the right to obtain a copy of their data, which you must provide upon request. However, your company also has the right to charge a reasonable fee to cover any administrative costs.
If your company is like most other businesses today, then you utilize the services of one or more third parties. You need to make sure that all your vendors are also GDPR-compliant because you are responsible for your customers’ personal data.
Third parties include the providers of any software you use to process your customers’ data, the companies behind the marketing tools that you use, and even your website host.