Yes, the GDPR is here and it’s being talked about a lot…every day!
But now, your clients are asking you questions about it. You’re not a legal expert, you’re not a lawyer, heck…you’ve only been to Europe once! But even though you’re more the creative type, you still have to answer your clients’ questions.
Below is my attempt at explaining the GDPR in plain English. I tried to go to the heart of the matter and avoid legal jargon, exceptions and fine print. I wanted it to be very practical, so you can give clear, short and simple explanations to your agency’s clients. It is written as if you were talking to your client, the business owner.
What is the GDPR?
The General Data Protection Regulation (GDPR) is the European Union’s new privacy law. Its aim is to give greater protection and rights to individuals in the EU with regard to the collection and use of their personal data.
Does it Apply to Your Business?
If your business has clients, customers or website visitors in the European Economic Area, you must be in compliance with the GDPR.
Also, if you collect personal data from European citizens (for example, through a subscription form on your website) and/or send them commercial emails, the GDPR applies to you and it is your duty to comply.
What do we Mean by Personal Data?
By personal data, we mean any information that can identify an individual, directly or indirectly. Examples include:
- Postal Address
- Job Position
- Biometric data such as fingerprints and facial recognition
- Medical information
- Unique identifiers such as IP address, location data, email address, etc.
The 3 Actors of the GDPR
The GDPR makes the distinction between three actors.
Data Subject: The person whose personal data is being collected. That would be your users, website visitors or clients.
Data Controller: The company that asks its users, website visitors or clients for personal information. Your company would be the data controller.
Data Processor: A third party that processes and stores the data on behalf of the data controller. Your email marketing provider or your CRM vendor, for example, would be a data processor.
What do You Face if You Don’t Comply?
You could face a fine of 20 million euros or 4% of your revenue from the prior year, whichever is greater, as well as bad press and a potential loss of confidence from your clients.
Recommendations for GDPR Compliance
- Document all the ways that your business asks for personal data (forms on your website, membership forms, quote enquiries, etc.).
- Clearly state how you use the data collected (next to online forms, in your privacy policy, etc.).
- Keep the amount of personal information you ask for to a minimum.
- Name someone in your company who is responsible for data collection procedures (a Data Protection Officer).
- Only use reliable processors who are familiar with privacy laws (GDPR, CASL). For example, Cyberimpact for email marketing.
- Segment EU contacts into separate groups or lists (in your CRM, email marketing provider, etc.).
- Only add and email people who have given you their express consent.
- Clearly state how people can see, modify and ask for deletion of the data you hold on them.
- Consider conducting a compliance assessment with the help of competent professionals.
I truly hope that this information gives you more clarity and confidence to answer your clients’ questions and concerns about the new law on the other side of the Atlantic. The GDPR is now seen as the new standard for personal data protection and experts predict that many countries, including Canada and the US, will come up with similar laws in the coming years. So let’s get ready!
Marketing Director, Cyberimpact
Antoine Bonicalzi has occupied key roles in several agencies and has helped hundreds of small businesses succeed with digital marketing. Today, as the Marketing Director for Cyberimpact, his role involves communicating the secrets of email marketing to businesses and organizations through articles, training workshops and seminars.