May 25th 2018 is rapidly approaching and the new General Data Protection Regulation (GDPR) will be going into effect. The big question is are you prepared and more importantly is your historical data prepared?
But wait a minute, I thought the GDPR only applies to new contacts. That thinking would be incorrect. the GDPR applies not only to new contacts in your database but to your existing database as well.
Here are 9 reasons why you will NOT be able to use your existing database to market after May 25th 2018 when the GDPR takes effect.
- You did not receive explicit consent nor did you specify what marketing messages the contact will be receiving.
- You did not provide or cannot prove that you provided a clear explanation of how the data would be processed.
- You did not provide or cannot prove that you provided the contact details and identity of the controller.
- You did not provide or cannot prove that you provided the details of any recipients of the data including any third party systems where data is stored e.g. cloud-based email marketing or CRM systems, email providers, cloud storage providers.
- You did not provide or cannot prove that you provided the details of any countries to which the data will be transferred. It is often the case that data will reside on servers in other countries especially when using cloud service providers including those above.
- You did not provide or cannot prove that you provided the retention period of the data or the criteria used to determine the retention period.
- You did not provide or cannot prove that you provided the existence of the data subject’s rights (e.g. the right to be forgotten, the right to object, the right to data portability etc).
- You did not provide or cannot prove that you provided the right to withdraw consent at any time if relevant.
- You did not provide or cannot prove that you provided a statement about the right to complain to the Data Protection Authority.
When it comes to data and housing data on individuals in the EU and UK, the game has definitely changed. The good news is that there are steps you can take now to remedy this situation!
Here are 3 steps to take to get your self on the path to compliance now.
- Update all of your lead capture forms. (set clear expectations of what they are receiving and provide an uncheck checkbox for them to give consent)
- Document your data flow and track what the subscriber gave consent to at opt-in
- Get your data cleaned.
- Identify in your database all EU and UK contacts (there are services that can help you do this).
- Launch a campaign to those identified and non identified contacts to generate explicit consent to market.
The GDPR is here and is not going anywhere. Data protection and privacy is definitely a hot topic right now, not only for the EU/UK but globally. You need to take data privacy seriously as I estimate it will only be a matter of time until other countries like the US follow suit and launch new privacy laws.
Set the example with privacy rather than be made into the example!
Check out https://fundamental.marketing/services/gdpr/ to learn more about getting your data ready for GDPR.