After years of paying lip service to the need for better cybersecurity and consumer protection, many groups and organizations are getting serious about hack protection. This comes at a critical juncture when hacking has had a suspected impact on U.S. elections and is poised to cost over $2 trillion by 2019.
One governmental entity that has already taken steps to try to protect consumers is the European Union (EU). That is why, in 2018, it enacted the General Data Protection Regulation (GDPR), which has the potential to impact everything related to your online business, including your email marketing.
The GDPR Is In Effect
The GDPR officially went into effect on May 25, 2018, and it doesn’t just affect European companies, but instead focuses on anyone who does business with citizens of the EU. That includes anyone who does business online and deals with any and all European citizens. The new law is meant to regulate data privacy laws across all the EU member nations so that individuals have more rights over their personal data and how it is used.
It also holds the companies who gather and collect data responsible if they lose that data or have it stolen during a data breach.
The GDPR Defines Personal Data
If you do business in the EU, you need to know that they define personal data as “any information relating to an identified or identifiable natural person.” That includes:
- Name;
- Addresses (both street and email);
- Financial Information (including bank accounts and credit card numbers);
- Identification numbers (including social security numbers);
- IP address and corresponding geographic location; and
- Browsing history (including cookies).
This new law will hold you responsible for the loss of any data if your computer network is hacked. In fact, a company that loses this data can be fined between 10 and 20 million euros.
Customer Rights Under The GDPR
But that isn’t the only thing that will impact your marketing campaigns. For instance, customers have the following rights under the law:
- They may ask for a copy of all data that has been collected on them and an explanation of how this data is being used;
- They may revise any of the data that has been collected on them AND they may request that their data be deleted;
- They may request that the use of their data be limited or restricted if they feel it has been obtained unlawfully; and
- They have the right to opt out of having their data used for marketing such as direct marketing emails or targeted marketing.
IMPORTANT: State Your Privacy Policy On Your Site
Obviously, this last part has major implications if you conduct email marketing with individuals in the EU. You absolutely must have a clearly stated privacy policy that reflects the GDPR policies including how you are gathering the data, what specific data you are gathering and what you intend to do with that data.
In these cases, it may be necessary to have your terms of service reviewed by a legal expert in international trade. You don’t want to be caught without the documentation you need to avoid violating the law.
As more small companies are setting up international business outlets using the Internet, it is becoming more important to ensure that your business is in compliance with international laws.
Your email marketing plan is an important part of your business model, and you shouldn’t be afraid of GDPR. Make sure that you have all of your documentation in order to protect your business. This way, you can continue to conduct your business and know that you are protected in the event of a data breach.