What Your Fort Collins Business Needs To Know About GDPR
The time is nearly upon us. The General Data Protection Regulation (GDPR) is coming to the United States, taking effect on May 25, 2018. Although this is a European Union regulation, it affects small and medium-sized business owners here in the US.
In a nutshell, GDPR will make marketers change how they seek, obtain, and save consent to use personal data from their customers. Businesses that rely on customer data for marketing—both electronically and directly—will need to comply with the new regulations.
So, how will these new regulations affect marketing for Fort Collins businesses like yours? That’s a great question. Read on to discover more.
Email Marketing
According to Article 32 of the GDPR, email marketers will be required to obtain “freely given, specific, informed and unambiguous consent” from customers. Email marketers will need to shift their practices: adopt new consumer opt-in permission rules, maintain systems that store proof of consent, and provide a method by which customers can get their personal information removed from the database. These regulations apply to both B2B and B2C organizations.
Soft opt-in and opt-out systems are no longer allowed under GDPR, and there are new regulations concerning third-party data as well. Profiling customers is still allowed, but there will be specific data subject rights that must be honored under GDPR. For example, heat map tracking or even PPC advertising campaigns are subject to GDPR.
Steps to GDPR Compliance
So how do you know if your Fort Collins business is in compliance with GDPR?
In very general terms, GDPR compliance means that you must be transparent about what data you’re collecting, why you’re using it, and how you’re disposing of it once it’s been collected. Unfortunately, for most local businesses, the “gray areas” can become quite nebulous and confusing. For those interested in understanding the nuances of the GDPR, here’s a checklist of actions to take to ensure you’re in compliance.
- Database audit. First, do an audit of your email marketing database. What information do you have on your contacts? Make sure you know where your contacts are geographically and that you’ve captured an audit trail of consent.
- Know your contacts and how you’ve obtained them. Again, make sure you know and can keep track of where your contact information comes from and how each contact made its way into your database.
- Go over your data practices, then disclose them to your contacts. Make sure your privacy policy is airtight: explain exactly how you collect, store, transfer, and process individual data, and ensure that your contacts have access to this information.
- Review any upcoming new initiatives. Make sure any new marketing initiatives are compliant now before they go live.
The GDPR applies to data collected before or after May 25th when it goes into effect, which means that you must have consent from everyone on your email contact list to prove you have the authorization to send email marketing campaigns.
You’ll also have to ensure that all unsubscribe processes are clear and include options for individuals to opt out of particular marketing communications and company communications. You’ll need to make sure you also include a contact return email address.
Direct Marketing and New Consent
Direct marketing (i.e., by mail or phone) is covered under the new GDPR and generally follows the same rules about consent and data use transparency. In short, you’ll have to obtain consent from customers, provide them with information about how their data is used, and give them clear opt-out options.
You likely won’t have to obtain new consent forms from all of your customers. If you’ve gotten consent for direct marketing campaigns that is up to the new GDPR standards, you won’t have to get consent again.
Still Confused About GDPR?
If you’re still confused about GDPR and whether or not you’re in compliance, you’re not alone. To complicate matters, sites like Google have sent out emails to site owners with Google Analytics that are full of technical terms most local businesses may not understand.
If you’d like the opinion of a web specialist, give us a call. We’re happy to set up a consultation to make sure your business is ready for the May 25th GDPR deadline.