What is the GDPR?
In May 2018 the European Union’s new General Data Protection Regulation (GDPR) law will become effective. While data compliance requirements and obligations have been in place since 1995, once implemented the GDPR will be the the most sweeping change in the data protection landscape in the past 20 years. If you think you’re immune from its impact, think again. Here’s why…
This law will affect any client who markets to a EU citizen, regardless of where your organization is located- or where that citizen is located. Therefore, if you have at least one EU contact within your databases, you need to pay close attention to the GDPR and your revised compliance obligations.
The protection of personal data is a fundamental right in the European Union and should be taken seriously if you handle data on EU citizens and residents.
“Everyone has the right to the protection of personal data concerning him or her”
Charter of Fundamental Rights of the European Union
A little background on the Charter of Fundamental Rights of the EU
Initially proclaimed at the Nice European Council in 2000, The Charter of Fundamental Rights of the European Union had no binding legal effect. But, on December 1, 2009, with entry into force of the Treaty of Lisbon, the Charter became legally binding on EU institutions and on national governments, just like other EU Treaties. The Charter enshrines certain political, social, and economic rights for European Union citizens and residents into EU law.
- all the rights found in the case law of the Court of Justice of the EU;
- the rights and freedoms enshrined in the European Convention on Human Rights;
- other rights and principles resulting from the common constitutional traditions of EU countries and other international instruments.
- The Charter sets out a series of individual rights and freedoms.
- The Charter is a very modern codification and includes ‘third generation’ fundamental rights, such as:
- data protection;
- guarantees on bioethics; and
- transparent administration.
To paint a clearer picture of the importance of compliance with the new GDPR, violating this Charter – and thereby EU citizens – would be the equivalent to violating the Constitution of the United States of America and the protections it provides to US citizens.
What’s changing with the new rules?
With the new changes, permissions and securities must be at the forefront of companies’ interactions. This is a concept known as privacy by design. This means that privacy and data protection will be part of a company’s core requirements and will lead the way in data collection and storage.
Under the new GDPR law, organizations must:
- Implement “Privacy by Default” and “Privacy by Design”
- Maintain appropriate data security
- Notify data protection agencies and consumers of data breaches
- Get appropriate consent for most personal data collection and provide notifications of personal data processing activities
- Get a parent’s consent to collect data for children under 16
- Keep records of all processing of personal information
- Appoint a Data Protection Officer
- Take responsibility for the security and processing activities of third-party vendors
- Conduct Data Protection Impact Assessments on new processing activities
- Institute safeguards for cross-border data transfers
- Consult with regulators before certain processing activities
- Be able to demonstrate compliance on demand
As mentioned, you should be taking these new rules seriously as the EU is taking these new rules very seriously. Failing to follow the new guidelines can come with a hefty price tag. In fact, if these new rules are not followed, a company can incur fines of up to 100 million euros or 4% of a business’ annual income.
While there’s no reason to panic, there is indeed a reason to prepare. The GDPR is sure to affect how marketers – worldwide – email prospects and customers not only in Europe but also around the globe. We’re here to provide you with the help you need to successfully move forward with your marketing efforts in the EU. If you haven’t yet made preparations, consult with your respective teams so that you can set your action plan in motion.
While we cannot provide you legal guidance for any compliance obligations, we do want to take a moment and update you on Act-On’s own progress to comply with the GDPR. Our preparations for the GDPR adoption began in earnest at the beginning of this year and will continue on into the unforeseen future. In our preparations to date we have:
- completed a thorough third-party assessment of our preparedness for the GDPR;
- completed employee training and awareness on the GDPR;
- assessed our product and functionalities for possible GDPR enhancements; and,
- proactively worked with industry, clients and partners to support GDPR awareness.
We’re committed to ensuring that our GDPR compliance will be in advance of the required date next year and are focused on taking all required steps to ensure success.
A few quick ways to get started right now:
- Reaffirm your current subscribers to opt in to your communication. This could be a tick box (no pre-checked boxes are allowed under GDPR), an email confirmation, or some other way of getting clear consent.
- Inform your subscribers EXACTLY what they’re signing up for. Allow then to set their preferences and be explicit. If it’s for a direct marketing campaign, let them know. If it’s a geo-targeted campaign, let them know that. Just because you HAVE data (like a postal code) doesn’t mean you get to use it.
- Make sure your data is stored safely. Talk to your suppliers. If you’re ever challenged by a consumer as to how, when, and where their data is stored, you want a fast, foolproof way of accessing and proving their information’s safety.
We’ve prepared a handy GDPR checklist in order to help you get started on becoming completely GDPR compliant. If you’re still wanting more, we recommend that you register for our July 12th webinar, Countdown to GDPR – Are You Ready?
For more information on the GDPR, visit this comprehensive website.
We’ll continue to communicate our progress on our own GDPR implementation as we move ahead finalizing our efforts. Please let us know if you have any questions or if we can help in any way.