Last Updated: May 23rd, 2018
Data protection is a crucial concern for internet users. The European Union (EU) considers the matter so important that the governing body has enacted legislation to protect its citizens. If you have users in one of the 28 participating states, these laws might impact you. Here’s a guide on the EU’s General Data Protection Regulation (GDPR) and how it affects your customers.
What is the GDPR?
The European Union wants to give the residents of its member countries greater protection of their private data. Many internet users don’t realize how unsecured the web can be. Anyone who does not use a VPN can have all of his or her personal information stolen online. Congress recently rolled back legislation that protected the online security of Americans.
The EU showed more forethought with its legislation. The General Data Protection Regulation, designed to provide strength and unity to data protection for EU residents, replaces the data protection directive that dates back to 1995. That’s an eternity on the internet. The GDPR is in a transition period until May 25, 2018, when the regulation becomes official. The new rules provide protection to all EU internet users. Companies will no longer have the ability to monitor and store every piece of private data they receive during sales engagements.
Anyone who does business in EU countries has to honor the rules of GDPR. Companies that have routinely captured data from clients must adjust their interactions. The GDPR requires that customers provide express opt-in consent, a key change from earlier laws. Prior to 2018, the EU had a soft opt-in approach that gave businesses plenty of ways to claim legal access to user data.
The New Opt-In Requirements
Moving forward, companies must meet the specific opt-in requirements of the GDPR. Called a double opt-in, the new process adds a second layer of confirmation. A business can still sign up customers to mailing lists by having them check boxes or fill out forms, but the customers will now have to provide a second confirmation. A business should send an email confirmation to the person who signed up.
Without the client’s follow-up acknowledgment, the company is in violation of the GDPR. Stiff penalties are possible. The EU will fine violators up to 4 percent of their earnings in EU countries. Any company with a tight profit margin could go bankrupt by failing to comply with GDPR.
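As an added example (not code from the original post), here is how the double opt-in described above can be implemented so that consent is provable: the sign-up form creates a random confirmation token that is emailed to the address, only a hash of the token is kept while it is pending, the link is single-use, and the confirmation is recorded with timestamps. The 48-hour validity window and the "purpose" label on each consent are assumptions, not requirements stated by the article.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

CONFIRM_TTL = timedelta(hours=48)  # assumed validity window for the confirmation link


class DoubleOptIn:
    """Holds sign-ups as pending until the emailed token comes back.

    Only a hash of the token is stored, so a leaked pending table cannot be
    used to confirm someone else's address.
    """

    def __init__(self, now=None):
        self.pending = {}   # token digest -> (email, purpose, requested_at)
        self.consents = []  # proof-of-consent records to keep for audits
        self._now = now or (lambda: datetime.now(timezone.utc))

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def request_signup(self, email, purpose):
        """First opt-in: the form was submitted. Returns the token to put in the email link."""
        token = secrets.token_urlsafe(32)  # 256 bits of entropy, unguessable
        self.pending[self._digest(token)] = (email, purpose, self._now())
        return token

    def confirm(self, token):
        """Second opt-in: the link was clicked. Returns the consent record, or None."""
        entry = self.pending.pop(self._digest(token), None)  # single use
        if entry is None:
            return None
        email, purpose, requested_at = entry
        confirmed_at = self._now()
        if confirmed_at - requested_at > CONFIRM_TTL:
            return None  # stale link: the person must sign up again
        record = {"email": email, "purpose": purpose,
                  "requested_at": requested_at.isoformat(),
                  "confirmed_at": confirmed_at.isoformat()}
        self.consents.append(record)
        return record

    def is_subscribed(self, email, purpose):
        return any(c["email"] == email and c["purpose"] == purpose for c in self.consents)
```

Nobody is added to the list until `confirm` returns a record, and that record is what you keep as evidence that the second opt-in happened.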
How to Remain Current
If you generate revenue in EU countries, you don’t want to violate the GDPR. It’s a costly mistake. You should take a three-step approach to updating your current sign-up method for your mailing list.
The first step is to send a batch mailing to your current subscribers. Ask them to opt into your new and improved mailing list. You will need to send out multiple mailings to persuade most of your members. Even then, losing part of your mailing list is likely.
Step two addresses these potential losses. The transitional law allows companies to buy data from their current subscribers. Do this, and ask the people on the list for email confirmation. They won’t realize your purpose is to re-subscribe them. Finally, in step three, craft an explicit opt-in statement for users to sign. Let them know you’re not changing anything, that they will retain the same rights as they did before. Users shouldn’t have a problem with signing up again.
The GDPR is problematic to your business unless you address it directly. Follow the tips above to restore your mailing list to double opt-in standards. That way, you avoid the risk of EU financial punishment and protect your business interests.
There is a lot more to GDPR than the consent rules as they apply to email marketing. Businesses also need to get ready for Article 28 with respect to their data sharing and Articles 15-20 on data subject access requests, for example. Don’t stop short and think that these three steps are all that need to be done!