Tampa, FL: 813-818-0682, 1-855-WEB-GODS steph@offthepagecreations.com

Important Compliance for New GDPR Regulations

The GDPR (General Data Protection Regulation) requires everyone who does business with anyone in the EU (European Union – see the countries included below) to comply with its new data collection laws. This applies to collecting data when selling products or when people sign up for your E-Newsletter, whenever the clients are in the EU. The new laws go into effect May 25, 2018, and there are ridiculously stiff fines for businesses that do not comply.

We’ll try to simplify the new laws for you, the way we understand them, to the best of our knowledge. We are not attorneys. Please seek legal advice for a more accurate interpretation.

OBTAINING CONSENT

Consent Requires a Positive Opt-In. No Pre-ticked Boxes Allowed.

EXAMPLE: Newsletter signups MUST contain an ‘Opt-In’ checkbox, and it CANNOT be pre-checked. Your client must check the box themselves. Also, you CANNOT automatically sign people up for your newsletter when they purchase a product; they must opt in to your newsletter by checking a box and agreeing.

Consent Requests Must be Separate From Other Terms & Conditions

EXAMPLE: If you offer a free whitepaper download, you have to add a separate option for them to sign up for your newsletter. You cannot bundle the consents and assume they want to receive your newsletter.

Make it Easy for People to Opt Out

Every promotional email you send must contain an option to Unsubscribe – and it must be an easy option, where they don’t have to log in or do anything more than verify their email address.
RETARGETING / REMARKETING: If you use Retargeting or Remarketing, you must include a link to opt out of it in your privacy policy.

Keep Evidence of Consent

If you’re using an email program like MailChimp, then you will have a record in your account of when someone subscribed. Using double opt-in is a better way to go because you have two logs – the original opt-in time and the verified email time – which is more accurate proof of their opt-in. If you have signups from multiple sites, you must also keep a record of where they signed up from and the wording used to get them to sign up.

Check Your Existing Signups

If you are already compliant and have used these practices before, you do not need to have everyone re-opt in. But if you are unsure, you should send out a re-permission email to make sure you are compliant with those you are unsure of. If you don’t get their permission, you must remove them from your newsletter email list.

Privacy Policies

You must have a privacy policy, state what data you are collecting, and state how you are using that collected data. If you are using a third party like MailChimp, then you should state that and include links to THEIR privacy policy and terms of use. Your privacy policy link should be where people sign up for downloads or newsletters and easily found on your website. When you update your privacy policy, you’re supposed to send a notification out to your current customers about the revised policy.
Our new privacy policy is here.

TIMELY BREACH NOTIFICATION

If a security breach does occur, you have 72 hours to report the breach to your customers.

RIGHT TO DATA ACCESS

You must be able to give your customers any data you’ve collected/saved if they request it.

RIGHT TO BE FORGOTTEN

You must be able to delete your customers’ data if they request it.

DATA PORTABILITY

Users have the right to their own data and must be able to reuse it elsewhere if they want. We are not entirely sure how this would come into play, but we think it may pertain more to a social account similar to Facebook.
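The consent-evidence, opt-out, data-access and right-to-be-forgotten rules above boil down to keeping one well-formed record per address. Here is an added example of such a record keeper (not code from this site or from MailChimp) that stores the opt-in time, the source site and the form wording, adds the second double opt-in timestamp on confirmation, honours a no-login unsubscribe link, and can export or erase the record on request; the in-memory dictionary and the token handling are assumptions for the example.

```python
import json, secrets
from datetime import datetime, timezone

def _now():
    return datetime.now(timezone.utc).isoformat(timespec="seconds")

class ConsentLedger:
    def __init__(self):
        self.records = {}  # email -> record; in-memory for the example, a database in practice

    def request_optin(self, email, source_url, form_wording, box_checked):
        # A box the visitor did not tick themselves is not consent: nothing is recorded.
        if not box_checked:
            raise ValueError("consent requires a positive opt-in")
        self.records[email] = {
            "email": email,
            "source_url": source_url,      # which site/form the signup came from
            "form_wording": form_wording,  # exact text shown beside the checkbox
            "opt_in_at": _now(),           # first log: original opt-in time
            "verified_at": None,           # second log: set by the double opt-in confirmation
            "unsubscribed_at": None,
            "verify_token": secrets.token_urlsafe(16),       # secret in the confirmation link
            "unsubscribe_token": secrets.token_urlsafe(16),  # secret in every unsubscribe link
        }
        return self.records[email]["verify_token"]
    def _check(self, email, field, token):
        rec = self.records.get(email)
        return rec if rec and secrets.compare_digest(rec[field], token) else None

    def confirm(self, email, token):
        rec = self._check(email, "verify_token", token)
        if rec:
            rec["verified_at"] = _now()
        return rec is not None

    def unsubscribe(self, email, token):
        # The link token proves the address, so no login is needed to opt out.
        rec = self._check(email, "unsubscribe_token", token)
        if rec:
            rec["unsubscribed_at"] = _now()
        return rec is not None

    def can_mail(self, email):
        rec = self.records.get(email)
        return bool(rec and rec["verified_at"] and not rec["unsubscribed_at"])
    def export(self, email):
        # Data access / portability: everything held about the address, minus link secrets.
        return json.dumps({k: v for k, v in self.records[email].items() if not k.endswith("_token")})
    def erase(self, email):
        # Right to be forgotten: the record is removed entirely.
        return self.records.pop(email, None) is not None
```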

PRIVACY BY DESIGN

This requires a company to take security seriously and set up proper security protocols from the start on its servers, including hosting servers, databases, and secure passwords.

Here are some helpful links with more info:

https://www.coredna.com/blogs/general-data-protection-regulation

https://litmus.com/blog/5-things-you-must-know-about-email-consent-under-gdpr

https://www.ngdata.com/gdpr-compliance-guide/

Mailchimp offers GDPR-friendly forms now, as I’m sure Constant Contact does too, to make it easier for you.

The new rules go into effect this May 25th, so if you haven’t already made sure you are compliant, you should make this a priority.

EU (European Union) Countries Include:

Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.