GDPR-The General Data Protection Regulation went into effect May 25, 2018.
The purpose of GDPR is to:
- Protect all EU citizen’s data privacy
- “Harmonize data privacy laws across Europe”
- Ensure that businesses and data processors using email marketing services maintain data privacy
Because it can impact you and your email marketing, here is a checklist to maintain compliance.
GDPR Checklist
-
Get consent
Obtain explicit permission from your subscribers.. Describe how you will utilize subscriber data, the frequency of the emails you will send and the type of created content you will send. Each purpose for the data use must be disclosed.
Subscribers need to be aware of what they are agreeing to when they give a positive consent.
2.Privacy policies.
Publish an updated copy of your public-facing privacy policies. You need to inform how you are using data that you have collected. Make policies clearly visible and easy to find by adding a link to them within the footer of your emails, website and signup forms.
3. Empower your EU subscribers
Enable your EU subscribers to access and understand your process for data requests. They have the right to opt out, make changes to their personal data, request copies of their personal data, or request that their data be deleted entirely from your records.
Document a process for EU subscribers to make such requests, and then communicate it through your emails and published public-facing privacy policy. Keep comprehensive records of how you collect personal data from EU residents.
4. Documentation
Document and store (for future proof) the nature of consent between you and your EU subscribers. This can be done by making the signup source in the subscriber data transparent, along with a copy of the signup form or data collection mechanism from which they provided that consent.
5. The Need for this process
Perhaps you are saying that your emails are being sent out only to prospective patients and readers locally and that you do not have subscribers from Europe in your demographics. However, when you publish content online and social media, you are making yourself and your information open to being subscribed from abroad.
In addition to this, it is good practice because the GDPR may be adopted here in the United States some time in the near future.
What about you?
Have you taken any steps yet to become compliant? Let us know in the comment box below.