GDPR: What Marketers Need to Know

GDPR, or to give it its full name, The EU General Data Protection Regulation, is a new European Union regulation designed to protect and empower all EU citizens’ data privacy and to reshape the way organizations approach data privacy.

While GDPR is a regulatory product of the European Union, it has potential implications for any business or organization (regardless of location) doing business with or holding data belonging to EU citizens.

Note: For the purposes of GDPR, data can relate to anything that can be used to identify an individual, such as a name, a photo, bank details, medical information, social media activities or an email address.

GDPR Best Practice

While GDPR might sound quite strict (click here for the full details of the regulation), at iContact we believe that compliance with GDPR, much like the recent CASL (Canada’s Anti-Spam Legislation), will actually help marketers maintain and improve their email marketing best practices and, as a result, help them deliver more successful campaigns.

The opinion that this type of regulation is a positive thing and should be replicated globally is increasingly becoming more apparent.

Mark Zuckerberg, CEO of Facebook, told a US Congressional hearing in the wake of the Facebook/Cambridge Analytica data mining scandal: “We believe that everyone around the world deserves good privacy controls. We have had a lot of these controls in place for years. The GDPR requires us to do a few more things and we are going to extend that to the world.”

If that doesn’t sound like a good enough reason to comply with GDPR rules, organizations found to be egregiously failing GDPR compliance could face fines of up to €20 million or 4% of their annual turnover, whichever is greater.

The Good News Regarding GDPR

The good news is, if you are already following email marketing best practices and asking your subscribers for permission to join your email lists via a subscription form on your website or requiring the subscriber to tick a box on your ecommerce site (and you can prove this ), you are well on your way to GDPR compliance.

Note: iContact clients can check their subscribers’ opt-in status via their account’s reports page.

After May 25, 2018, consent will be required for individual actions relating to client/customer data. For example, you will need separate lines of consent to target subscribers with an email newsletter or to run a report based on previous purchases in order to send them a coupon or specific offer. If you are not sure if you have full consent to manipulate data in such a way, it’s time to speak to your various technology vendors now.

Remember: If you transfer subscriber data to another system (for example, a CRM system, social media advertising platforms or paid search/re-targeting program), you should ensure that vendor is also GDPR compliant.

Assumed Permission

However, if you have built your lists based on assumed permission, for example, via previous purchases or other engagements (such as whitepaper downloads or webinar registrations) or perhaps by collecting business cards at trade shows or networking events, you may be in breach of GDPR rules. In such cases, you need to re-verify that your EU subscribers are happy to receive your marketing communications.

Subscribers who do not re-verify their permission should be removed from your lists before the deadline for compliance on May 25, 2018.

Consider This: If you collect email data as part of a lead generation or general subscription program, you may not know the geographic location of your subscribers. Therefore, it is imperative that you re-verify any subscriber details before the cutoff date.

Don’t Panic

Any new regulation, particularly one as far-reaching as GDPR, can be a worry for many small businesses — but the important thing is not to panic.

Scott Reese, operations and security engineer at iContact, said: “GDPR was not designed to stop business from taking place, it was designed to ensure that business continues to operate while protecting the individual’s right to manage their data in the way that they see fit. Considering the current global data climate, this symbiotic relationship will be key in iContact’s success moving forward.”

iContact has set up a dedicated support line to help marketers navigate the new GDPR regulations and guide future campaigns. This free advisory service is available to all businesses and organizations (you don’t need to be an iContact client) with concerns about iContact as it relates to GDPR.

For more information, please email: gdpr.help@icontact.com.

Read: iContact’s Statement of GDPR Preparedness

Editor’s Note: This story appeared on the iContact blog on April 12, 2018.