Important Compliance for New GDPR Regulations
The GDPR (General Data Protection Regulation) requires everyone who does business with anyone in the EU (European Union – see the countries included below) to comply with its new data collection laws. This applies to collecting data when selling products or when someone signs up for your E-Newsletter, whenever you are dealing with clients in the EU. The new laws go into effect May 25, 2018, and there are ridiculously stiff fines for businesses that do not comply.
We’ll try to simplify the new laws for you, the way we understand them, to the best of our knowledge. We are not attorneys. Please seek legal advice for a more accurate interpretation.
Consent Requires a Positive Opt-In. No Pre-ticked Boxes Allowed.
EXAMPLE: Newsletter signups MUST contain an ‘Opt-In’ checkbox, and it CANNOT be pre-checked. Your client must check the box themselves. Also, you CANNOT automatically sign people up for your newsletter when they purchase a product; they must opt in to your newsletter by checking a box and agreeing.
Consent Requests Must be Separate From Other Terms & Conditions
EXAMPLE: If you offer a free whitepaper download, you have to add a separate option for them to sign up for your newsletter. You cannot bundle the consents and assume they want to receive your newsletter.
Make it Easy for People to Opt Out
Every promotional email you send must contain an option to unsubscribe – and it must be an easy option, where they don’t have to log in or do anything more than verify their email address.
Keep Evidence of Consent
If you’re using an email program like MailChimp, then you will have a record in your account of when someone subscribed. Using double opt-in is a better way to go because you have two logs – the original opt-in time and the time the email address was verified – which is more accurate proof of their opt-in. If you have signups from multiple sites, you must also keep a record of which site they signed up from and the wording used to get them to sign up.
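As an added illustration of what "evidence of consent" looks like in practice (this is example code, not part of the original post and not MailChimp's own software), here is a hypothetical in-memory consent log. It refuses to record consent unless the checkbox was actively ticked, stores the signup source and the exact wording shown, keeps the two double opt-in timestamps separately, and only counts an address as mailable once the verification step has happened. Class and method names, and the fields stored, are assumptions for this example.

```python
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass
class ConsentRecord:
    """Everything needed to prove a newsletter opt-in later (fields are assumed)."""
    email: str
    signup_source: str                 # site or form the signup came from
    consent_wording: str               # exact text shown beside the checkbox
    opted_in_at: str                   # ISO timestamp: subscriber ticked the box
    verified_at: Optional[str] = None  # ISO timestamp: confirmation link clicked


def _now_iso() -> str:
    return datetime.now(timezone.utc).isoformat()


class ConsentLog:
    """Hypothetical consent log; a real one would write to durable storage."""

    def __init__(self) -> None:
        self._records: Dict[str, ConsentRecord] = {}

    def record_signup(self, email: str, source: str, wording: str,
                      checkbox_ticked: bool, when: Optional[str] = None) -> ConsentRecord:
        # A pre-ticked or untouched box is not consent: store nothing at all.
        if not checkbox_ticked:
            raise ValueError("no positive opt-in; consent must not be recorded")
        rec = ConsentRecord(email.lower(), source, wording, when or _now_iso())
        self._records[rec.email] = rec
        return rec

    def record_verification(self, email: str, when: Optional[str] = None) -> ConsentRecord:
        # Second log entry of double opt-in: the address owner confirmed by email.
        rec = self._records.get(email.lower())
        if rec is None:
            raise KeyError("no pending signup for this address")
        rec.verified_at = when or _now_iso()
        return rec

    def has_verified_consent(self, email: str) -> bool:
        rec = self._records.get(email.lower())
        return rec is not None and rec.verified_at is not None

    def evidence(self, email: str) -> Optional[dict]:
        """Return the stored proof (source, wording, both timestamps) for one address."""
        rec = self._records.get(email.lower())
        return None if rec is None else asdict(rec)

    def mailing_list(self) -> List[str]:
        """Only addresses with a completed double opt-in may receive promotional mail."""
        return sorted(r.email for r in self._records.values() if r.verified_at is not None)


if __name__ == "__main__":
    # Constructed sample signup, not real subscriber data.
    log = ConsentLog()
    log.record_signup("reader@example.com", "https://example.com/newsletter",
                      "Yes, email me the monthly newsletter.", checkbox_ticked=True)
    print("mailable before verification:", log.mailing_list())   # []
    log.record_verification("reader@example.com")
    print("mailable after verification:", log.mailing_list())    # ['reader@example.com']
    print(log.evidence("reader@example.com"))
```

The `mailing_list()` method is the point of the design: the list you actually send to is derived from the evidence, so an address can only appear on it if both the ticked box and the verification are on record.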
Check Your Existing Signups
If you are already compliant and have used these practices before, you do not need to have everyone re-opt in. But if you are unsure, you should send out a re-permission email to make sure you are compliant with those you are unsure of. If you don’t get their permission, you must remove them from your newsletter email list.
TIMELY BREACH NOTIFICATION
If a security breach does occur, you have 72 hours to report the breach to your customers.
RIGHT TO DATA ACCESS
You must be able to give your customers any data you’ve collected/saved if they request it.
RIGHT TO BE FORGOTTEN
You must be able to delete your customers’ data if they request it.
Users have the right to their own data and must be able to reuse it elsewhere if they want. Not entirely sure how this would come into play, but am thinking that this may pertain to more of a social account similar to Facebook.
PRIVACY BY DESIGN
This is a requirement for a company to take security seriously and set up proper security protocols from the start on its servers, including hosting servers, databases, and secure passwords.
Here are some helpful links with more info:
Mailchimp offers GDPR-friendly forms now, as I’m sure Constant Contact does too, to make it easier for you.
The new rules go into effect this May 25th, so if you haven’t already made sure you are compliant, you should make this a priority.
EU (European Union) Countries Include:
Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.