Are You Ready for General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is an updated data protection policy for information collected from subscribers located in the European Union (EU). Companies that collect data from subscribers who are located in the European Union (EU) countries at the time of signing up, need to comply with strict new rules about protecting customer data by May 25, 2018.

What types of privacy data does the GDPR protect?

• Basic identity information such as name, address and ID numbers
• Web data such as location, IP address, cookie data and RFID tags
• Health and genetic data
• Biometric data
• Racial or ethnic data
• Political opinions
• Sexual orientation

WHAT DOES GDPR MEAN TO YOU AS A SMALL BUSINESS OWNER?

GDPR applies to subscribers who reside in the European Union. You may wish to sort your subscribers by their geographic location. The GDPR requires proof of consent – but doesn’t define what is adequate proof of consent. There are not clear guidelines, but the proof of source is on YOU! The GDPR does not require double opt-in.

Small Businesses Must Provide …

Right to Access
If a subscriber requests a copy of the information you have on them, you need to be able to, and provide it to them.

Right to Portability
If a subscriber requests a copy of the information you have on them, you need to be able to, and provide it to them in a format that makes it easy for them to put their data into another system.

Right to be Forgotten
If a subscriber requests to be removed as a subscriber, you need to be able to, and remove them completely from all places where you may be storing their data.

CONFIRMATION OF SUBSCRIPTIONS

If you already have proof of subscription by your subscribers, and you only send emails to your subscribers via your newsletter, you do not need to reconfirm all of your subscribers.

WHAT IS REQUIRED ON YOUR WEBSITE FORMS

If you only use the subscriber information you collect to send emails, you only need to collect at least an email address in your website form.

You may wish to also tell your new subscribers how you will be using their information:

The information you provide on this form will only be used to provide you with updates and personalized marketing. Your privacy is important to us!

If you are ONLY using your subscriber information for sending emails to your subscribers, you may not need to update your current website forms. However, if you use your subscriber information for advertising, Facebook ads, remarketing, or sending texts, you may need to update your current website forms.

If you use the subscriber information you collect to both send emails and/or advertise on Facebook, send SMS texts, you will want to include check boxes (which cannot be pre-checked) with the following information:
__Email
We will send you occasional emails about promotions, new products and important updates to keep you in the loop.
__Customized online advertising
We will use your information to show you ads that are more relevant to you to improve your online experience.

ADDITIONAL CONSIDERATIONS FOR EU BASED SUBSCRIBERS

• Provide clear consent wording: Organizations are obligated to use clear, non-legalese language that allows the person to provide unambiguous consent. If your company collects personal information through a web form, clearly post how the information will be utilized.
• Include a cookie consent notice: As a best practice, include consent verbiage similar to the cookie consent notice on all web forms.
  • Example from the EU Internet Handbook: "This site uses cookies to offer you a better browsing experience. Learn more about how uses cookies and how to change your settings."
• Create an age-verification process: GDPR requires parental consent to collect or process the personal data of children under the age of 16. Create a dependent verification process such as a form and automated email notification to collect the parent's email and process a separate consent.
• Validate Country: Marketers should seek to ascertain whether a person's data is regulated by GDPR by adding a "Country" field to web forms. If at an in-person event, also ask for the individual's "Country".

UPDATE PRIVACY POLICY REGULARLY AND NOTIFY PROACTIVELY

Include clear privacy policy directions on the website, including what information is being collected, how data is stored and how to contact the organization.

Share this post!