The European Union’s (EU) General Data Protection Regulation (GDPR) went into effect on Friday, following a flurry of activity that saw ad-tech companies around the world scrambling to ensure they were compliant with regulations designed to give internet users greater control over their personal data.
But what about marketers (like most Austin Williams clients) that are based in the United States and have little (if any) contact with EU citizens? While GDPR isn’t a requirement for US-based entities (yet), it’s still a good time to get out in front and bolster your online privacy protocols. Not only is Congress considering similar measures with the Social Media Privacy Protection and Consumer Rights Act of 2018, the recent hullabaloo surrounding Facebook’s well-publicized data “scandal” makes a proactive approach a sensible one.
Our recommendation is simple: Post a clearly defined, privacy policy on your website or the landing page to which you’re driving traffic. This policy should state how you’re collecting data, the data you’re collecting, as well as how you’re using and storing it.
While we’d never give legal advice (and this article should not be considered such), we’ve gotten questions about GDPR from several clients and thought we’d share some of the recommendations recently included in an article by SharpSpring, one of our content marketing platform partners:
- Update your privacy policy so that it reflects the rules and requirements of the GDPR; see Article 13 and Article 14 for specifics.
- Provide individual consent. Under GDPR, you must prove whether or not email recipients consent to the communication you’re sending them. Features like double opt-in and confirmed opt-in provide those records.
- Establish and reestablish consent. Consent can be revoked so it’s recommended that you send a reconfirmation email to a recipient with low engagement—one who hasn’t opened an email visited your website or completed a form in some time.
- Make unsubscribe footers visible and accessible. Include a conspicuous unsubscribe link in the footer of every email communication to ensure recipients can opt-out of receiving future ones if they so choose.
- Ensure all third-party services are compliant. Validate that any services you’re using such as an email marketing or content marketing provider are GDPR compliant—or, at minimum, adhere to strict privacy and protection standards.
Again, GDPR isn’t a “thing” for marketers with little or no contact with EU audiences yet, but it’s never a bad thing to take the necessary steps to position your organization as one that proactively protects its constituents’ data—especially in today’s privacy-focused environment.
