Understanding GDPR – the General Data Protection Regulation

What is GDPR?

GDPR stands for the General Data Protection Regulation, an updated law that regulates how companies use and store EU citizens’ personal data. These new regulations will become effective on May 25, 2018.

GDPR requirements apply to any business that operates within the EU, whether or not it is based there.

For example, an American-based company that ships worldwide and caters to the international market will need to become compliant with new regulations. Businesses that do not actively target consumers located in the EU may not have to follow the same guidelines.

Any business required to maintain compliance that fails to do so will be subject to penalties and fines.

The key requirements of the new GDPR include:

Required Consent

Consumers must give a business explicit consent to collect data. Businesses must also clearly outline how that data will be used and stored.

Mandatory Notifications

Under new regulations, businesses will be mandated to notify users if there has been a breach of data. This notification must include specific details of the breach, including the nature and approximate number of people affected. Businesses must notify consumers of a breach as soon as possible.

The Right To Be Forgotten

Consumers own their personal data. Because of this, they can now request that a business “forget” them, and the regulation gives the business guidelines on which data must be deleted and which can be kept and anonymized. Once a consumer has made this request, a business has 30 days to comply.

Data Assessments

Under the new regulations, companies are required to perform assessments to identify any possible risks to consumer data. Any risks that are found must properly be addressed.

How Can You Remain GDPR Compliant?

If GDPR applies to your business, there are several steps you will need to take to remain compliant:

Determine Your Needs

If you don’t operate within the EU or actively target EU consumers, you may not need to make any changes. However, if your business has an international presence, works with EU consumers, or plans to expand in the future, you may need to update your standard operations.

Update Privacy Policy

Your privacy policy must clearly outline what data is collected from consumers and how that data will be used.

Update Opt-In

Users must explicitly choose to receive emails—this doesn’t mean a pre-checked box that forces users to agree to unspecified terms or a complex legal document. The opt-in process must also clearly outline to consumers what data is collected and how it will be used.

Set Up Export Process

Under GDPR, individuals can request access to the data being held about them. Because of this, all affected businesses should review their data export processes, or set up a detailed, documented process if one does not yet exist.

Contact Your Digital Partners

If you work with a digital marketing team, such as mXtr Automation, it’s time to give them a call. Not only do they have all the latest information about regulations, they can also help you ensure your website is compliant.

Have questions or looking for a digital partner that can help you through hurdles like GDPR? At mXtr Automation, we work with you to develop an effective and holistic approach to marketing—from email campaigns to legal compliance. Contact us today to schedule a one-on-one consultation.
