If your business offers goods or services in the European Union, you will already know that compliance with the incoming General Data Protection Regulation (GDPR) is a serious matter.
The GDPR is a new law that regulates how businesses collect, store and use personal data about individuals.
What is the penalty for failing GDPR compliance?
From 25 May 2018, everyone who keeps data records on individuals in the EU must adhere to strict data protection rules. The price of failure to comply is steep: fines of up to €20 million, or 4% of worldwide annual turnover, whichever is greater.
What is personal data in a GDPR world?
In a nutshell, the GDPR defines personal data as any information that identifies, or can be used to identify, an individual, and it applies to the data of people in the EU. The rules apply to any business that processes personal data in any way, including when you:
- Store personal data
- Organise personal data
- Collect personal data
- Modify personal data
- Transmit personal data
- View personal data
- Delete personal data
So what exactly changes with the new GDPR laws?
The biggest changes are around consent (how you get personal data), and a person’s rights around that data.
If you are using forms or lead boxes on landing pages or competitions, you will now need to change the way you get consent.
Good marketing automation platforms such as TractionNext will take care of these elements; however, consent must be given by a clear affirmative action, and the usual way to demonstrate "explicit" consent is a double opt-in process.
This means using a form with an opt-in box that users must tick themselves; pre-ticked boxes are not allowed.
Opting in on one specific form does not mean a customer is opting in to everything you choose. For example, entering a competition no longer means a user has opted in to your general marketing list, or to anything other than the competition, unless you provide a separate checkbox for each purpose.
This means forms will now need a short description of how the data collected will be used, with links to the full terms and conditions.
[Figure: a current preference centre that would incur a fine, beside a new GDPR-compliant preference centre]
Once a user has submitted their personal information, they will need to confirm it, which is the second half of the double opt-in.
This involves sending a confirmation email with a link the user must click to complete the final step.
Individual rights just as important as consent
Data collected from customers and stored by your business must be made accessible to them on request. The organisation (through its appointed Data Protection Officer, where it has one) must be able to tell customers how their data will be used, or how it has already been used.
Individuals also have the "right to be forgotten" (the right to erasure), meaning that their data must be deleted on request unless the business has another lawful reason to keep it.
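The consent flow described above (one checkbox per purpose, nothing pre-ticked, a single-use confirmation link) and the access and erasure requests in this section are easy to get subtly wrong in an implementation. The following is an added example written for this page; it is not code from the original article or from TractionNext. The purpose names, the 24-hour link lifetime and the in-memory store are assumptions for illustration; a real deployment would back the store with a database and send the token in an email.

```python
# Added example (not from the original article or TractionNext): a minimal
# consent store with per-purpose opt-in, double opt-in confirmation, and
# access/erasure requests. Purpose names, TTL and the in-memory store are
# assumptions for illustration only.
import hashlib
import secrets
import time
from dataclasses import dataclass, asdict
from typing import Dict, Optional, Set, Tuple

# Assumed purposes; a real site defines its own list.
PURPOSES = ("competition", "newsletter", "partner_offers")


@dataclass
class ConsentRecord:
    email: str
    source: str                   # which form captured the consent
    purposes: Dict[str, bool]     # one flag per purpose, never pre-ticked
    captured_at: float
    confirmed_at: Optional[float] = None


class ConsentStore:
    """In-memory stand-in for a database table of consent records."""

    def __init__(self, token_ttl_seconds: int = 24 * 3600):
        self._ttl = token_ttl_seconds
        self._records: Dict[str, ConsentRecord] = {}
        # Pending confirmations are keyed by SHA-256(token), so a dump of this
        # table cannot be replayed to confirm an address the attacker never saw.
        self._pending: Dict[str, Tuple[str, float]] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def capture(self, email: str, ticked: Set[str], source: str,
                now: Optional[float] = None) -> str:
        """Record which boxes the user ticked; return a single-use confirmation token."""
        now = time.time() if now is None else now
        unknown = set(ticked) - set(PURPOSES)
        if unknown:
            raise ValueError(f"unknown purposes: {sorted(unknown)}")
        # Every purpose starts False; only boxes the user ticked become True.
        purposes = {p: (p in ticked) for p in PURPOSES}
        self._records[email] = ConsentRecord(email, source, purposes, now)
        # A fresh submission invalidates any earlier unconfirmed link for this address.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != email}
        token = secrets.token_urlsafe(32)  # 256 random bits: unguessable
        self._pending[self._digest(token)] = (email, now + self._ttl)
        return token

    def confirm(self, token: str, now: Optional[float] = None) -> bool:
        """Second opt-in step: the link in the confirmation email carries this token."""
        now = time.time() if now is None else now
        entry = self._pending.pop(self._digest(token), None)  # pop: single use
        if entry is None:
            return False
        email, expires_at = entry
        if now > expires_at:
            return False  # stale link; the user must submit the form again
        record = self._records.get(email)
        if record is None:
            return False
        record.confirmed_at = now
        return True

    def may_contact(self, email: str, purpose: str) -> bool:
        """True only if the address is confirmed AND that specific purpose was ticked."""
        rec = self._records.get(email)
        return bool(rec and rec.confirmed_at is not None
                    and rec.purposes.get(purpose, False))

    def export(self, email: str) -> Optional[dict]:
        """Right of access: everything held about the person, as a plain dict."""
        rec = self._records.get(email)
        return asdict(rec) if rec else None

    def erase(self, email: str) -> bool:
        """Right to erasure: drop the record and any pending confirmation link."""
        removed = self._records.pop(email, None) is not None
        self._pending = {d: v for d, v in self._pending.items() if v[0] != email}
        return removed


if __name__ == "__main__":
    store = ConsentStore()
    # Constructed sample: a visitor enters a competition and ticks only that box.
    token = store.capture("visitor@example.com", {"competition"}, "competition-form")
    print("contact before confirm:", store.may_contact("visitor@example.com", "competition"))
    print("confirm link clicked:", store.confirm(token))
    print("competition ok:", store.may_contact("visitor@example.com", "competition"))
    print("newsletter ok:", store.may_contact("visitor@example.com", "newsletter"))
    print("export:", store.export("visitor@example.com"))
    print("erased:", store.erase("visitor@example.com"))
```

Two design points are worth copying: `may_contact` checks the purpose flag and the confirmation together, so an unconfirmed or un-ticked address is never mailed, and the confirmation token is consumed on first use and rejected after its TTL, so a forwarded or leaked link cannot confirm someone else's address later.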
How is Australia affected by GDPR laws?
Fortunately for many Australian firms, the GDPR requirements are similar to provisions in the Australian Privacy Act. Both take a privacy-by-design approach, expect organisations to be able to demonstrate compliance, and call for clear and transparent information-handling practices.
The biggest difference between Australian privacy law and the GDPR is the mandate. Australian law does not require organisations to appoint a data protection officer, whereas the GDPR requires one for public authorities and for organisations whose core activities involve large-scale, regular monitoring of individuals or large-scale processing of sensitive categories of data; that officer's job is to monitor and report on compliance.
Book a call with the digital experts at Traction to discuss taking your marketing automation to the next level.