If you’ve taken a look at your inbox anytime in the few weeks, you’ve probably found a few email updates letting you know services you use have updated their privacy policy or terms of service due to the GDPR.
Okay, so maybe we’ve all received more than a few.
WHAT IS THE GENERAL DATA PROTECTION REGULATION?
Enacted in April 2016, the GDPR protects the data of citizens in the European Union – though it isn’t enforceable until May 25, 2018. Personal data is being defined as anything that can identify the contact. Things like name, email, or address are the first things that come to mind. But even genetic or biometric information fall under the GDPR.
HOW DOES THE GDPR AFFECT YOUR BUSINESS?
Your company doesn’t have to be based in the EU to be subject to the regulation. If you process the data of EU citizens, the GDPR applies to you. If you are unsure about the location of your customers, you are better off being in compliance than risk being fined a whole lotta money.
THE GDPR OUTLINES THE KEY CHANGES TO YOUR CONTACT’S RIGHTS:
- If you learn that your company has a data breach, you must alert your customers within 72 hours.
- Your customers have a right to know how their data is being used. After all, if you gave people your sensitive information, wouldn’t you want to know where it’s going
- If your customer wants their data to be erased, they have the right to it. This isn’t just deactivating their account – it’s completely deleting the data
- Does your customer want a complete copy of what data you have on them? You need to be able to download a copy of their data and to provide them – in a format their computer can read.
Luckily, most email service providers have already begun making changes to their applications to allow their users to be in compliance with the GDPR when using their application. As a small business, it’s your responsibility to make sure this is the case.
One of the quickest wins a company can make to be compliant is to ensure consent. You must have explicit permission from the contact that you will be contacting them using their personal data. There’s no getting around it. Your customer must take an action to opt-in, such as clicking on a checkbox or confirming via double opt-in.
There is a lot that goes into being GDPR compliant – most of which is not covered in this post. But hopefully, it’s enough to get you started and on the right track to being compliant.
THE ULTIMATE LIST OF GDPR RESOURCES:
- EUGDPR.org: Get the skinny directly from the EU.
- MailerLite.com: Based in the EU, MailerLite knows what’s up with GDPR and how it can help you with your email marketing.
- Bronto.com: The email marketing giant answers commonly asked GDPR q’s.
- Mailchimp.com: Gettin’ ready for the GDPR – now with a handy-dandy PDF guide.
- Wikipedia.org: Because why not.
