The General Data Protection Regulation (GDPR) is a regulation that is being enforced on 25th May 2018 which requires businesses to strengthen and unify their data protection process to protect personal data and privacy of EU citizens. So, if you’re fed up of signing in on a Monday morning and receiving hundreds of non-related ‘junk’ emails, you are in luck! The new regulation means companies will have to get you to opt in at least twice if they want you on their mailing list. However, if your company or role relies on obtaining information of your prospective clients you need to start the double opt-in process now with your existing data to maximise potential.
Currently, the UK operates under the Data Protection Directive, which has a ‘soft’ opt out approach. Examples of ‘Soft’ opt-in approaches include information that has been collected from communication with customers, tradeshows, exchange of business cards or a simple one check box for signing up has allowed companies to market products and services to this data.
Under the new legislation, consumers will have to opt-in twice in order to receive continuous streams of marketing material. This could be presented as a form or a box that has to be ticked but then it MUST be followed up with a further email to confirm it was them. This has to be ‘freely given’ rather than being under the duress of not being able to access your services. Although this double opt-in approach will be a time-consuming process and limits your marketing department to a number of people they can communicate with, it does mean that when a marketing campaign is sent it will be digested by the correct target audience.
Definition of GDPR?
The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95/46/ec in Spring 2018 as the primary law regulating how companies protect EU citizens’ personal data. Companies that are already in compliance with the Directive must ensure that they’re compliant with the new requirements of the GDPR before it becomes effective on May 25, 2018. Companies that fail to achieve GDPR compliance before the deadline will be subject to stiff penalties and fines.
Why was GDPR drafted?
There are two reasons that drove GDPR to be drafted, firstly the EU wants to provide businesses with a clear and simple legal environment, making data protection law identical throughout the EU.
Secondly, people want more control over their personal information and how it is used and shared. With technological advances being made on a daily basis and the internet and cloud technology producing new ways of exploiting people information a trust issue has arose. Ultimately GDPR pursues to address this by introducing the new strengthened data protection legislation and tougher enforcement measures.
Who does it apply to?
GDPR will apply to any business that stores or processes personal information about EU citizens. Even if a business does not have an EU presence, it will still apply to any information they store about a EU citizen.
When will it apply?
Friday 25th May 2018
What information does it apply to?
• Racial or ethnic data
• Sexual orientation
• Web location
• IP address
• Cookie data
• Identity (name, address and ID numbers)
• Health and genetic data
• Political opinions
Don’t waste any time…..
Start now and educate your current contacts about the changes regarding GDPR and what they will be missing out on if they don’t opt-in with your company.
It’s also recommended and best practise to follow up your opt-in email with a reminder- better to do it now before the legislations come into practise.
When emailing your current contacts, don’t make it difficult for them. Inform them of exactly how the information they are providing is going to be used and what for. The simpler the explanation the higher chance you will have people opting-in.
Are you opting in?
Now the shoes on the other foot, YOU are the consumer! Will you be opting in or out? What will be the main variables to sway your decision?