As this business week comes to a close, much has been written about the upcoming General Data Protection Regulation (GDPR), which is a new regulation in EU law on data protection and privacy for all individuals within the European Union. While the law originates in the EU, it also addresses the export of personal data outside of the EU. The regulation has already been adopted and will become enforceable beginning on May 25, 2018.
As the compliance date rapidly approaches, many organizations are scrambling to ensure that their marketing efforts will fall within the scope and compliance of the GDPR. There are some steps you should take now to ensure basic compliance, including:
1. Modify pre-ticked checkboxes during the email subscription process. Pre-ticked boxes indicating agreement during the subscription process must be updated so that only the consumer can manually tick the box and thereby give explicit permission to subscribe or agree to receive email communications.
2. Keep a record of all email subscriptions. The new regulation puts the burden of proof of subscription on the organization, and requires that a timestamp record be stored for each subscriber.
3. Use simple language. Clear and plain language must be used at all times when collecting and displaying personally identifiable data. All corporate speak and jargon must be pared down to simple statements such as “Yes, I agree to receive email communications on a weekly basis”.
4. Purge unsubscribed user data. Organizations will be required to anonymize or remove all personally identifiable information from their databases if requested.
5. Appoint a Data Protection Officer (if needed). The EU is now requiring companies that handle large amounts of consumer data to appoint a Data Protection Officer. In addition, all companies will be required to disclose a cyber breach within 72 hours.
Next Steps (Enter Wave Motion Digital)
We understand that the GDPR is a pretty big deal, and we want to make sure you are fully compliant come May 25th. If you have any questions or would like to ensure that your web site is ready for this big change, please give us a call or email us. Whether it is consulting advice or development to bring your site up to the required standard, we have been working with our clients to achieve GDPR compliance, and we are ready to work with you to ensure that your site passes the GDPR test with flying colors.