A Briefer on What Marketers Should Know About the GDPR

Erin | 04.05.18

What is GDPR?
Here in the US, our current protocol for communicating via email is governed by CAN-SPAM; in Canada, by the Canadian Anti-Spam Law; and in the European Union, by the E-Privacy Directive. However, as of May 25, 2018, the General Data Protection Regulation (GDPR) deadline for compliance will take effect. From that date, companies that process personal data of EU residents will need to comply with the new standard for consumer data rights.

Advice: Take heed, as ignoring compliance will be at your own peril. Violators of GDPR may be liable for up to 4 percent of their annual revenue.

Do I need to comply if we don’t do business in the EU?
Yes. A misconception is that the new regulation only affects EU companies. However, the GDPR applies to anyone, anywhere, who collects personal data from an EU citizen.

Advice: Review your website analytics and zero in on geography. Chances are your site is acquiring visits from residents of EU member states. Some of those visitors may have also converted into an opt-in for your e-newsletter (for example), in which case you will need to confirm affirmative consent of those subscribers.

Also, keep in mind that while Europe has taken the lead on privacy regulation, US states are actively exploring similar legislation. California, for one, is currently reviewing proposals for a consumer privacy act that will enable its residents to control the use of, and request insights on, their data from companies.

What proactive measures should I be considering?
The most critical piece of the new regulation is addressing the question of how to acquire and store “affirmative consent”. In other words, how to collect and track consent that is freely given, specific, informed and unambiguous. For a comprehensive explanation, you can read through the 39-page guide to consent provided by the Information Commissioner’s Office of the UK (ICO).

  1. Make your subscription process uber clear. As marketers, we’ve become (a little too) blasé about general opt-in tactics for conversion, such as pre-ticked subscription check boxes. Under GDPR, marketers must clearly differentiate between acceptance of their ‘Terms and Conditions’ and their ‘Contact permissions’. Even further, subscribers must be able to express permission per communication channel (email vs. SMS vs. post vs. telephone).
  2. Rewrite your opt-in language to be as concise and clear as possible. You need to define how the data that you are collecting will be used.
  3. Ensure your email systems are secure. Under the new regulation, marketers must be able to adhere to the “right to be forgotten”, meaning you will need the ability to quickly find and edit email contacts. Now is the perfect time to review your email service provider (ESP) or marketing automation platform to ensure that they are keeping up with compliance-focused features.

Adopting the GDPR as a best practice is an opportunity to build authentic relationships with the people your business communicates with. If customer centricity is a priority for your organization, so should GDPR compliance be.