And even if your business is located in the US, Australia, Canada, etc., if you service just one customer in the EU, you need to be compliant with these new standards.
So let's take a look at what the GDPR means for your business and your digital marketing.
One of the biggest changes has to do with customers opting in and out of your marketing emails. Essentially, "implied consent" is no longer a viable option. This means that if a customer downloads a lead magnet, you also have to get their permission to send them marketing emails.
A good way to do this is by including a checkbox on your opt-ins that says they agree to receive marketing emails from your business; if they don't check it, you cannot add them to your marketing list. Turning on double opt-in is another option, meaning a new subscriber has to click confirm in a follow-up email to be added to your email list.
GDPR now allows people within the EU to request that all of their data be removed. This is different from before. Previously, you could mark someone off as "Do Not Contact" or "Opt Out," but this new change means you would have to completely delete or erase a person from your CRM or system.
One way to sort of "get around" the opt-in rules is by saying that you're marketing to these people who have provided their email addresses with "legitimate interest." That legitimate interest can be as simple as to grow your business, to provide your email subscribers with value, and/or to market your products/services.
You still need to ensure you're compliant in other ways, and legitimate interest can be tricky to prove if you do end up penalized, but it is a good idea to lay all of this out within your privacy policy anyway.
Be sure to go through each and every opt-in form that you have on your website and other landing pages to ensure that it is GDPR compliant. Make sure you have a checkbox for email correspondence or some type of disclaimer pointing to your privacy policy and how you handle opt-in data.
If your business uses an email marketing software provider or CRM, you need to be sure that you read their privacy policy and stay up to date on how they plan to be GDPR compliant as well. Since they are your data processor (you are the data controller), you need to make sure you are comfortable with the way that they are processing and housing your customer data. You don't want to be held liable for a mistake made by your data processor.
Luckily, these companies do understand the importance of these new regulations and most, if not all, have updated their software and their processes accordingly. It's still your job to make sure you understand these updates.
The GDPR is serious business, and it probably isn't going to be EU-specific for long. These regulations are the future for a better internet, and will actually help improve your marketing in the long run. Even if your business isn't in the EU, or you only service local customers, it's a good idea to put these standards into practice regardless.
After everything that has happened this year, it's better to be safe than sorry with customer data, especially because the penalties for GDPR non-compliance can go up to €20 million or 4% of your business's annual turnover, whichever is higher.
So you don't want to be caught failing to comply with any of these new regulations. If you have any further questions about what the GDPR could mean for your business and how to stay compliant, contact us. We'll help walk you through it so you don't have to worry about penalties and the future of your digital marketing.