Last Call for GDPR
On May 25th, 2018, the General Data Protection Regulation (GDPR) will go into effect. This new regulation makes some significant changes to data privacy and individual rights for people in the European Union (EU) and affects businesses around the world.
Speculation about GDPR has caused some worry among business owners. To add to the GDPR stress, there is a lot of conflicting information and misinformation out there.
Note: This article does not constitute legal advice. Consult with professional legal counsel to make sure you’re compliant with all GDPR regulations.
The burning questions:
Do I have to comply with GDPR even if I’m not in the EU?
Yes, GDPR applies to all companies that control and process EU data, no matter where your business is. That includes you if you collect the email addresses of any EU citizens (for your newsletter for example).
GDPR applies to:
- All EU based entities and individuals, and
- All entities and individuals (whether located inside or outside the EU) that collect, process, and/or use the personal information and data of individuals located inside the EU.
As defined by GDPR, personal data is any information that:
- Directly identifies an individual (including but not limited to names, physical addresses, and email addresses)
- Indirectly identifies an individual (including but not limited to IP addresses, social media information, and financial information)
Can I still provide an offer (lead magnet) in exchange for someone’s email address?
You sure can. You just need to get their consent to send the lead magnet, AND get their consent to follow up with marketing emails. Just because someone requested your free offer doesn’t mean they also consent to receive your newsletter.
Does this mean I can no longer do business with or send my newsletter to clients in the EU?
The GDPR requires you to get explicit consent before collecting email addresses or sending any marketing emails to EU citizens. A lot of people have jumped to the conclusion that they need to avoid email marketing to the EU or block website visitors from the EU, or risk hefty fines. But, that’s not the case.
Straight from the GDPR text, here is how consent is defined:
“Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
However, the GDPR doesn’t tell you exactly how you need to obtain consent. The easiest and most practical way is to always ask for explicit consent.
Here are a few easy ways to implement GDPR-compliant consent:
1. The Re-Consent and Double Opt-In Method
This is the approach a lot of businesses are taking: getting consent via email, with a “re-consent” email to existing subscribers and a confirmation email to new subscribers after they have provided their email address on your opt-in form. The confirmation email is used to gain explicit permission to send marketing emails. This method is often referred to as double opt-in.
2. Using a Required Checkbox to Get Consent
The preferred and least obtrusive method is to use geo-targeting. This requires the opt-in tool or mail service you use to offer geo-targeting capabilities. Using this method you can easily include or exclude the entire EU at once for each opt-in offer you create.
That means you can require EU visitors to complete the double opt-in process, while adding visitors in other countries to your list right away.
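The two mechanisms above (double opt-in for new subscribers, re-consent for existing ones) and the earlier point that a lead-magnet request is not newsletter consent can be made concrete in code. The following is an added example, not code from the original article or from any particular mail service: an in-memory consent registry that records consent per purpose, issues HMAC-signed confirmation links with an expiry, and accepts each link once. The signing key, the `example.invalid` confirmation URL, the purpose names and the 48-hour link lifetime are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlparse

# Consent is tracked per purpose. Consenting to receive the lead magnet does not
# imply consent to marketing email, so the two are separate keys.
PURPOSES = ("lead_magnet", "newsletter")

# Hypothetical signing key; a real deployment would load it from a secrets store.
SECRET_KEY = secrets.token_bytes(32)
CONFIRM_BASE_URL = "https://example.invalid/confirm"  # placeholder domain


@dataclass
class ConsentRecord:
    email: str
    confirmed: dict = field(default_factory=dict)  # purpose -> confirmation time
    pending: dict = field(default_factory=dict)    # purpose -> time link was issued


def sign(email: str, purpose: str, issued: int) -> str:
    """HMAC over the link contents so a confirmation link cannot be forged or altered."""
    msg = f"{email}|{purpose}|{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


class ConsentRegistry:
    def __init__(self, link_ttl_seconds: int = 48 * 3600):
        self.records = {}  # email -> ConsentRecord (in-memory for the example)
        self.link_ttl = link_ttl_seconds

    def request(self, email, purposes, now=None):
        """Step 1 of double opt-in: the form was submitted, nothing is confirmed yet.
        Returns one confirmation link per purpose to place in the confirmation email."""
        now = int(time.time()) if now is None else now
        rec = self.records.setdefault(email, ConsentRecord(email))
        links = {}
        for purpose in purposes:
            if purpose not in PURPOSES:
                raise ValueError(f"unknown purpose: {purpose}")
            rec.pending[purpose] = now
            query = {"e": email, "p": purpose, "t": now, "sig": sign(email, purpose, now)}
            links[purpose] = f"{CONFIRM_BASE_URL}?{urlencode(query)}"
        return links

    def reconsent(self, email, now=None):
        """Re-consent for an existing subscriber: consent held so far is moved back
        to pending and fresh links are issued; nothing is sent until they click."""
        rec = self.records.get(email)
        if rec is None:
            return {}
        purposes = list(rec.confirmed)
        rec.confirmed.clear()
        return self.request(email, purposes, now)

    def confirm(self, link, now=None):
        """Step 2: the subscriber clicked the link. Verify signature and expiry,
        then record consent for that one purpose only. Each link works once."""
        now = int(time.time()) if now is None else now
        q = {k: v[0] for k, v in parse_qs(urlparse(link).query).items()}
        try:
            email, purpose, issued, sig = q["e"], q["p"], int(q["t"]), q["sig"]
        except (KeyError, ValueError):
            return False
        rec = self.records.get(email)
        if rec is None or rec.pending.get(purpose) != issued:
            return False  # unknown, already used, or superseded link
        if not hmac.compare_digest(sig, sign(email, purpose, issued)):
            return False  # tampered link
        if now - issued > self.link_ttl:
            return False  # stale link
        rec.confirmed[purpose] = now
        del rec.pending[purpose]
        return True

    def may_send(self, email, purpose):
        """The check the mailer runs before every send, for that specific purpose."""
        rec = self.records.get(email)
        return rec is not None and purpose in rec.confirmed
```

`may_send` is the gate that matters: a subscriber who confirmed only the lead magnet stays `False` for the newsletter until they click that separate link, and the confirmation timestamps kept in `confirmed` are the record of when and for what consent was given.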
We hope this information provides some clarity and practical information on the new GDPR guidelines.