GDPR: What marketers need to know now.

GDPR is pan-European legislation that harmonises data protection across all member states from 25 May 2018. It basically says:

If you store data on EU individuals, the individual should be able to access it, retrieve it, change it or transfer it somewhere else.

Data is any information stored about EU individuals: personal information like name, address and email address; historical information like employment history, medical history and credit history; and company data, including information about staff, customers, account holders and suppliers. GDPR affects everyone, whether you are a large multinational corporation or a small corner shop with one employee. GDPR reshapes the way organisations across the EU approach privacy.

What marketers need to know now.

Consent must be transparent and obvious, not hidden behind walls of text or pre-ticked checkboxes. Proof of consent should be readily available, and a single opt-in approach should be avoided.

Now is the time to confirm GDPR consent, whilst subscribers are active customers. Under GDPR, you may lose permission, as inactivity is not considered consent.

Personal data should be encrypted and not stored as plain text. When personal data is encrypted, it is of no use without the encryption keys.

The right to be forgotten and data use will impact multiple marketing platform functions, like survey responses and segmentation.

Cookie pop-ups

Few like the cookie pop-up, and GDPR will see the end of this practice. Nonetheless, consent to tracking must be clear and freely given. The current plan is that tracking should consider the browser settings. If consent is given, tracking should be clearly outlined in the privacy policy.

What are Sensorpro doing?

The Sensorpro marketing platform will help compliance with new options including:

Changes to subscriber data

Subscriber management tools to clean up lists and remove dormant or inactive contacts.

Signup forms won't allow pre-ticked options.

New options to reinforce permission.

Option for a survey response to be anonymized.

Easy reports to provide subscribers with proof of opt-in or proof of form completion.

New data-at-rest encryption option.

New streamlined signup process for your website.

Based outside the EU

If a company is based outside the EU but stores data belonging to EU individuals, it is also subject to the new rules. One of the key requirements is that, if based outside the EU, it needs to appoint a representative in the EU.

In the UK, there is legislation in the works to transpose GDPR into UK law post-Brexit.

What rights do individuals have?

Individuals of the EU will have 8 basic rights under GDPR:

1. Right to be informed

2. Right of access

3. Right to rectification

4. Right to be forgotten

5. Right to restrict processing

6. Right to data portability

7. Right to object to direct marketing

8. Rights in relation to automated decision making and profiling

What are the penalties?

The maximum fines are up to €20 million or 4% of total worldwide turnover for very serious breaches. The fines are going to be proportional to severity and the maximum fines will only be levied in the most extreme of cases.

What marketers need to do next.

Examine your systems today and ask if each data item you hold on an EU individual complies with the 8 EU individual data rights.

Ask your cloud-based platform vendor where data is stored. If the data centre is based outside the EU, get explicit GDPR assurance and ask for their EU designated representative.

Ask us to complete a GDPR marketing audit for you. With our tools and processes, marketers can be assured of a healthy & compliant digital marketing capability for years to come.

Contact us for a free GDPR readiness consultation.


Preparing for GDPR includes training for staff & management, so everyone understands the responsibility regarding the protection of personal data. The training should be relevant to their job, making it easier to apply it on a day-to-day basis.

Liam Lynch, L2 Cyber Security Solutions

Online GDPR courses are available from Data Compliant including GDPR in practice (50 mins) and Recognising PII (15 mins). They use gaming techniques, making the learning experience engaging and fun.

Victoria Tuffill, Datacompliant

Quick wins for Sensorpro customers

1. If your signup form has pre-ticked boxes, untick them and make sure the language is clear. Get the new version for your account by contacting Support.

2. Know how to use the anonymise option in your Sensorpro surveys and proof of consent reports.

3. Plan to migrate to our new data-at-rest encryption platform.

4. Familiarize yourself with the new GDPR options by joining the next webinar.