Digital privacy is a real hot topic at the moment. We have Theresa May letting Internet Service Providers stalk your online behaviour and report back to the government, and America imploding as Trump overturns internet privacy rules. But the EU is taking a real step in the right direction, introducing the General Data Protection Regulation (GDPR) to protect the privacy of individual data.
These rules may seem terrifying to us marketers, but as individuals I’m sure we can all agree that getting an unwanted email from an unknown sender is a rage-inducing experience. How on earth do these people even get your email address!?
The GDPR should be welcomed as a way of improving your relationship with subscribers. And don’t worry, you’ve got plenty of time to get your act together.
The GDPR will come into effect in May 2018 to formalise what should be some common sense data rules.
It will affect personally identifiable data, which includes email addresses and cookies too.
The rules will apply to any email that is received by someone located within the EU, i.e. the rules are applied based on the location of your recipient.
So no…Brexit won’t make us exempt. If you’ve got subscribers who could potentially be in the EU then you must be compliant. Equally, these rules are best practice already so this is your chance to get ahead of the game before we see any specific UK legislation introduced.
Under the GDPR you’re most likely the Data Controller, and an agency counts as a Data Processor.
Both parties have a responsibility to be compliant. So if we’re the ones sending your emails, start talking to us.
First off, we need to talk about how you keep your data clean, how you collect it and what information you supply to us. Is there a way we can make this less admin-heavy going forward with the above rules coming into place?
We then need to start contacting anyone you’ve identified as ‘stale’ data or as data where there is no consent on file. We’ll then try to rejuvenate this data and update your records.
Finally, we need to collaborate and put processes in place to regularly review how we’re doing and plan tactics for keeping records up to date across both our systems.
The fines recently levied on Google and Microsoft surrounding data protection show that governing bodies aren’t afraid of enforcement.
The GDPR holds penalties of up to 4% of turnover or €20 million, whichever is greater. This is the worst-case scenario for unrepentant sinners who make no effort to change their ways, but there’s a sliding scale depending on the severity and type of breach.
You’ve got 322 days, 13 hours and 44 minutes (as of the time of writing) to get yourselves in ship shape.
If you’re worried about your data, don’t hesitate to get in touch with our team and we’ll help you plan for the GDPR.