Remember, if you are found to be in breach of GDPR, your company can be fined up to 5% of your global turnover.
Here are the main things you need to know about GDPR:
First, you must understand and record what 'personal data' you hold as a business, how it was captured, how it is held, how you use it, and where it is going. The GDPR defines 'personal data' as any information relating to an identifiable person. As well as obvious personal data such as email addresses, phone numbers and addresses, the GDPR includes IP addresses, device IDs, location data and genetic/biometric data.
Scenario: Post 25th May 2018 - If you were asked in a court of law to prove how you obtained a customer's data, you should be able to confirm this. Did the customer opt in via a website? Did they visit your premises/store and opt in by signing something? If the customer made a telephone enquiry and left their email, did they consent to join a mailing list?
Consequences of the GDPR for email marketing: The main thing for email marketers to remember concerning the GDPR is the new definition of providing consent or, in email marketing parlance, opting in.
Consent to process personal data must be "freely given" as an explicit "affirmative action." In other words, opting in is to be taken very literally under the GDPR.
Additionally, businesses will have the burden of showing proof that a contact has affirmatively opted in.
Passive opt-ins and opt-outs are no longer allowed.
Following this new definition of opting in, you can no longer use email addresses collected through a passive or opt-out process. Consent must be freely and explicitly received from the contact or customer through affirmative action. This means you can legally use only lists that are 100% opt-in, and for which you can prove that those contacts provided their consent.
Existing DigitalFlare Client? - We are happy to check all forms on your website and advise if you have passive opt-in or opt-out forms. In such circumstances, we can change these forms to ensure you conform to GDPR practices.
One of the questions we've most commonly been asked in recent months is, 'Does the GDPR mean we have to get fresh consent from our entire marketing database?' In many cases, the answer is 'no' - though the explanation for this is not all that straightforward. We suggest you read the following articles, which offer a greater understanding of this and will allow you to draw your own conclusions:
We always advise you to seek independent legal advice on such matters as circumstances will be unique to every company. However, if your data has not been collected consistently with post-GDPR requirements, we (DigitalFlare Ltd) advise you to request re-consent from your existing contacts.
Existing DigitalFlare Client? - If you decide that re-consent is the best way forward and are an existing client, we can help with this process and send new consents to your databases.
If you use a mail system such as "MailChimp" or "SendInBlue" to send newsletters and you would like to do this yourself, the following articles will help:
Over 90% of websites store information in people's web browsers using cookies (little data files). Some cookies can be 'essential' to the website function (e.g. eCommerce website shopping baskets), but there are also non-essential cookies which advertisers or third parties can use.
BBC Cookie Notice:
GOV.UK Cookie Notice:
On a secondary note, any data sent to Google should not contain PII (personally identifiable information) – data you can trace back to an individual. This is best explained here: www.craftedatom.com/is-your-google-analytics-gdpr-compliant/
The above rules apply to other third-party tracking software, not just Analytics.
New data protection rules put more emphasis on online security. Any data submitted on your website must be encrypted in transit so that it cannot be intercepted. An SSL certificate will ensure traffic to and from your site is encrypted, so if you do not have one already, ask your web developer to assist with this. If you are unsure whether or not you have an SSL certificate, look at the address bar of your browser when visiting your site. There should be a padlock symbol and a message stating that the site is secure and encrypted. If this is not present, get in touch with your web developer.
In addition to SSL, under GDPR you must demonstrate that you're implementing data protection by design and by default. This could change everything from how you design databases to who gets access to data.
Existing DigitalFlare Client? - We can install an SSL certificate on your website if you do not have one. We can also advise you about individual security measures you have on your website and provide details about the security of your hosting package.
Please note: The above points outline some rules required to be GDPR compliant, but remember, it isn't only your website that needs to be respectful.
The content of this web page is a commentary on the GDPR, as DigitalFlare interprets it, as of the date of publication. This content is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your company. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies to your organisation, and how best to ensure compliance.