GDPR or General Data Protection Regulation goes into effect on May 25, 2018. Here’s a rundown on what it is and how to make sure you are in compliance.
GDPR is a new set of rules that dictate how both individuals and companies may acquire, use, store, and delete the personal data of European citizens. For most bloggers, this pertains to your email subscriber list.
Even if you are based in the United States, if you have any subscribers in the EU, you must be in compliance or face the penalties.
Every time you collect an email address, a name, a home address or a phone number, you are obtaining someone’s personal data. If any of those people are citizens of the European Union, you must adhere to the new rules. The GDPR updates data protection laws and focuses on an individual’s rights and privacy. Here are the four components of GDPR:
- Right to be forgotten within GDPR gives an individual the right to ask a company to delete ALL of the data that is associated with that person. If a user makes a request, you must delete all the data stored in your databases and anything else associated with the user.
- Right of access within GDPR allows a subscriber to inquire exactly how you are using their data. If a request is made, you’ll need to provide a personal data report to this individual.
- Breach Notification within GDPR means you have 72 hours from becoming aware of any breach of your website to notify customers.
- Right of portability within GDPR lets people request their data, which means you would need to download a file of all their data in a ‘commonly used and machine-readable format’.
The good news is that if you’ve used a mailing service like Mailchimp or MailerLite, and you’ve been asking for consent before you add someone to your email list, then you are about 99 percent in the clear. If not, you’ll need to get permission from your subscribers. Some of the mail platforms have created templates for this purpose. If yours hasn’t, you’ll need to send an email out to your subscribers asking them to re-validate their subscription to your email list.
Going forward, make sure you are getting both active and explicit consent.
- Active consent means your subscribers need to initiate their consent. You know how when you go to a site and the checkbox saying you want to subscribe is already checked? Yeah – that’s not gonna be allowed anymore.
- Explicit consent means that you need to clearly communicate exactly what the user is agreeing to and why the data is being collected.
Your email service provider (e.g. MailerLite or Mailchimp) can probably help make sure your email marketing is in compliance. Make sure you comply with the new GDPR rules or you can face stiff fines. Read more about GDPR here on Wikipedia.