In April, the European Union passed the General Data Privacy Regulation. The GDPR goes into effect on May 25 this year, and is focused on the core issue of regulation that gives citizens of the EU more control on how their personal data is collected and used. This is especially critical if you market internationally, and your business may have already received GDPR compliance information, along with new terms and conditions to accept from companies supplying your marketing automation tools. The United States is also looking to implement similar laws.
There are quite a few high-level concepts to cover when talking about these new regulations, and fines for first offenses can be as high as €10 million – about $12 million – or two percent of worldwide annual revenue.
Data Collection & Retention – GDPR affects how data is collected and retained by businesses. This can range from in-store purchases to online shopping, video surveillance to email addresses. Any information that can be traced back to an individual is subject to this regulation. Many individuals like the benefits of marketing personalized to their interests, and targeted advertising is a boon to businesses as well. Rather than casting a wide net and hoping people respond, targeting advertising allows businesses to directly communicate with potentially interested customers. Think of Amazon: when you order a product, there’s usually a recommendation for related accessories, or a reminder when it might be time to re-order if the product is consumable. The primary driver behind GDPR is to give people a choice on what information is being collected, shared, and overall used. To comply with regulations, and to maintain a positive image in the minds of privacy-minded customers, the best practice is to not collect, store or share more information than is needed.
Documented Policies & Security – One of the foundational requirements of GDPR is for businesses to provide clarity and transparency on how collected information will be used. In addition, businesses must allow for easy opt-out any time the individual wants – rather than complex procedures and multi-step confirmation, think a one-click unsubscribe. Additionally, opting in must be explicit, and not purchased via bulk metadata or mailing lists. Data must be protected, and access limited to those deemed “custodians,” ensuring that information remains secure. Customer information must be protected, and emails containing any personal data must be encrypted.
Additional References – For the business owner, this means that a check with any marketing services you use is in order. Ensure that your providers of marketing automation, web advertising or similar services have documented GDPR information, and link to it on your website (and potentially even your email signature!). Additional information and checklists for compliance can be found here:
Think Through – Regardless if you have customers in the EU or not – there are some best practices for data collection, retention, protection and more in GDPR. If you sell and market to EU clients – implementation is mandatory. For other countries there are discussions for similar regulations. If you are using homegrown marketing automation – ensure you have a deep understanding of the regulation. If using off the shelf marketing automation tools – verify with the vendor, they are or will be compliant by the deadline. Do not risk a fine to your business.
About the Author:
Gregory Woloszczuk is an Entrepreneur and experienced tech executive that helps small business owners grow their top and bottom line. Gregory believes in straight talk and helping others see things they need to see but may not want to with a focus on taking responsibly for one’s own business. He and his wife, Maureen, started GMW Carolina in 2006.
Gregory has been fortunate to have been part of building teams for companies that went through hyper-growth as well as his own company. He also has experience in working through economic downturns and taking responsibility to fix what is in his control. The focus has always been working with partners, customers, and building a successful business channel. His range of experience includes marketing, sales, support, training, and operations. Gregory holds an MBA from Nichols College.