Do you have a website that gets visitors from the EU? If so, you had better make sure your site is compliant with GDPR. Otherwise, you could be in for a very nasty fine.
GDPR is a recent law on data protection and privacy that focuses on giving users greater control over how their personal data is used. For users in the EU, it is a welcome law that considers their IT security.
But for companies that market themselves online and use data to target their efforts effectively, it means a whole lot of work getting an overview of all activities that involve processing personal data. However, this work is essential to ensure compliance with GDPR.
In this article you can read more about what GDPR is, how the law affects your online marketing, and what you can do to ensure compliance.
What is GDPR?
GDPR is an abbreviation of “General Data Protection Regulation”. GDPR is an EU-wide law designed to give European Union citizens more control over their personal data compared to before. The Act imposes strict requirements on transparency, documentation and consent for companies and organizations that operate in the EU.
If you do not comply with the requirements, you risk huge fines of up to EUR 20 million or 4% of the organization’s overall global turnover, whichever is greater. GDPR is the most comprehensive initiative in the field of data protection in 20 years. The law came into force on 25 May 2018.
What does GDPR entail, exactly?
If you run a website that somehow serves people from the EU, you must, according to GDPR, obtain prior consent from your users if you collect and/or process any kind of personal data from them.
The consent must be given on a valid and informed basis. This means that you must describe the scope and purpose of the data collection in language clear enough that users are in no doubt about what the personal data is used for.
Documentation plays a major role in GDPR. You must make sure to log all consents so that you are able to prove that consent has been given.
At the same time, you must also document all tracking of personal data, e.g. which countries the collected data is transferred to.
How does GDPR affect online marketing and what can you do about it?
At the heart of online marketing lies the work of planning activities based on data collected from specific target groups. A data-driven approach to marketing gives you an empirical basis for your work, enabling you to explore your digital potential to the fullest.
But as a marketeer, you are now required to declare any kind of data processing if you want to become compliant with the rules of the GDPR.
As mentioned in the introduction, it requires that you create an overview of where you collect data and for what purposes you obtain this data. Once you have uncovered this, you must ensure that your users can easily find information on:
- Who is collecting the data
- What the data is used for
- Who has access to the data
In the same process, you must also uncover which of your subcontractors collect data and whether their data processing takes place under compliant conditions.
Becoming compliant is not that difficult, so long as you incorporate it as a process in your daily routines. This way, there will never be any nasty surprises, and your users will always know what they are consenting to when using your site.
GDPR isn’t supposed to hinder your marketing efforts as the data law was made to protect the users. And as a marketeer, shouldn’t you always place your users’ needs above everything else?