What marketers need to do now.

GDPR is pan-European legislation that harmonises data protection across all member states from 25 May 2018. GDPR reshapes the way organisations approach privacy and basically says:

 If you store data about an individual in the EU, the individual should be able to access it, retrieve it, change it or transfer it somewhere else.

Data is any personal information stored about an individual in the EU, such as name, home address, IP address, phone number, photograph or email address.

What marketers need to know now.

Consent must be transparent and obvious, not hidden behind walls of text or pre-ticked checkboxes. Proof of consent should be readily available, and a single opt-in approach should be avoided.

If you already have consent, there is no need to re-consent. Recital 40 provides for legitimate interest in the case of an existing customer contract or relationship.

Personal data should be encrypted and not stored as plain text. When personal data is encrypted it is of no use without encryption keys.

The right to be forgotten and data use will impact multiple marketing platform functions, such as survey responses and segmentation.

Cookie pop-ups

Before GDPR, each country had a different implementation of the Cookie directive. For example, Germany had the opt-out method, while some countries used browser settings for consent. After GDPR, there will only be one cookie law in the EU, without any national margin for discretion when implementing the rules. Under GDPR, tracking must be clear and consent freely given. For the avoidance of doubt, it is best to clearly identify all tracking cookies, including third-party cookies, in the privacy policy.

Not just EU Citizens

GDPR applies to individuals in the EU (data subjects), not just EU citizens. For example, a US tourist staying in Dublin who orders online from an EU firm becomes a data subject.

What are Sensorpro doing?

The Sensorpro marketing platform will help compliance with new options including:

Changes to subscriber data

Subscriber management tools to clean up lists and remove dormant or inactive contacts.

Signup forms won't allow pre-ticked options.

New options to reinforce permission.

Option for a survey response to be anonymized.

Easy reports to provide Subscribers with proof of opt-in or proof of form completion.

New data-at-rest encryption option.

New streamlined signup process for your website.

Based outside the EU

If a company is based outside the EU but stores data belonging to EU individuals, they are also subject to the new rules. One of the key requirements is that if based outside the EU, they need to appoint a representative in the EU.

In the UK, there is legislation in the works to transpose GDPR into UK law post-Brexit.

What rights do individuals have?

Individuals of the EU will have 8 basic rights under GDPR:

1. Right to be informed

2. Right of access

3. Right to rectification

4. Right to be forgotten

5. Right to restrict processing

6. Right to data portability

7. Right to object to direct marketing

8. Rights in relation to automated decision making and profiling

What are the penalties?

The maximum fines are up to €20 million or 4% of total worldwide turnover for very serious breaches. The fines are going to be proportional to severity and the maximum fines will only be levied in the most extreme of cases.

What marketers need to do next.

Examine your systems today and ask if each data item you hold on an EU individual complies with the 8 EU individual data rights.

Ask your cloud-based platform vendor where data is stored. If the data centre is based outside the EU, get explicit GDPR assurance and ask for their EU designated representative.

Ask us to complete a GDPR marketing audit for you. With our tools and processes, marketers can be assured of a healthy & compliant digital marketing capability for years to come.

Contact us for a free GDPR readiness consultation.

 Preparing for GDPR includes Training for staff & management, so everyone understands the responsibility regarding the protection of personal data. The training should be relevant to their job, making it easier to apply it on a day-to-day basis.

Liam Lynch, L2 Cyber Security Solutions

 Online GDPR courses are available from Data Compliant including GDPR in practice (50 mins) and Recognising PII (15 mins). They use gaming techniques, making the learning experience engaging and fun.

Victoria Tuffill, Datacompliant

Quick wins for Sensorpro customers

1. If your signup form has pre-ticked boxes, untick them and make sure the language is clear. Get the new version for your account by contacting Support.

2. Know how to use the anonymise option in your Sensorpro surveys and proof of consent reports.

3. Plan to migrate to our new data-at-rest encryption platform.

4. Familiarize yourself with the new GDPR options by joining the next webinar.