Along with many of our clients, the Clear Digital team has been tracking the May 25, 2018 compliance deadline for General Data Protection Regulation (GDPR) launching in the European Union (EU). We’re a bunch of designers and developers, not lawyers, so don’t mistake this for legal advice, but we have put together a list for marketers to get a sense of whether they might face trouble if they don’t make some adjustments before the deadline:
If you or any of your website users or email recipients reside within the European Union (EU), you are responsible for compliance. Fines can be up to €20 million, or 4% of your company’s total global annual turnover.
This isn’t just about poor user information data capture…with GDPR marketers are expected to either be compliant with all users or have users organized such that EU-only users can be addressed separately.
After the deadline this will put you in violation. Present an unchecked opt-in box to EU users. Or better yet, provide unchecked opt-in to all users.
In order to demonstrate compliance, companies must maintain more-detailed records of user consent under GDPR. The user consent data could be especially problematic, and have many companies reaching out to users to clear up ambiguity in advance of the deadline.
This is one of the simpler provisions in the regulation, which requires details around data use to be explicit and in relatively simple terms. Include a required field for permission to collect and store personal data. The field should link to your privacy notice and require the visitor open your privacy notice to confirm consent.
Since the content doesn’t change often, if at all, it’s easy to forget your privacy policy page. Be sure it’s reviewed and updated for GDPR. Your updated page needs to include why data is collected and how it will be used — including IP and cookie information.
If you are using content gating to build a list of marketing leads — and the form information you gather isn’t required to deliver that content (such as an email address to deliver a link or PDF would be) — you’ll be in violation once GDPR takes effect. You either need to give access to your European visitors for free or block them completely to be in compliance.
Be sure you’ve covered your automated email bases. If you’re utilizing automated programs, you’ll want to make sure that all EU users have opted in to your program. If you’re not sure, consider a repermissioning campaign before the deadline.
Under GDPR, users who ask to have their data erased will need to have their data erased. If you don’t have a way to make this happen today, get it ready before the deadline.
Similar to the item above, GDPR allows users to request their data set and companies will be required to provide it. Not having the right setup to do it won’t be an excuse.
If this is the first you’ve heard of any of this, here are a few additional resources to help you get up to speed:
Also published on Medium.
From web design, CMS websites, applications, ecommerce, motion graphics and multimedia, graphic design, and print, to Internet marketing solutions, we’ve got you covered.
Clear Digital is a founding member of Myrious Group's expertise-driven agencies.
Myrious Group is an independent holding company enabling forward-thinking brands to achieve breakthrough performance through power of orchestration.
Visit Myrious.com
© Copyright 2024 Clear Digital, Inc., a Silicon Valley / San Jose Web Design Company. All Rights Reserved.
