What is the General Data Protection Regulation?
The European Union General Data Protection Regulation (GDPR) went into effect May 25, 2018. GDPR is a new privacy law that unifies the various email laws of 28 EU member states. It is designed to create consistency across all European countries for how email marketing takes place in the European Union.
While consistency of the law is good for email marketers, GDPR also includes changes we want to make our customers aware of.
DailyStory customers who work with customers in the European Union need to understand how this law affects the data they collect and how to comply with it, primarily how marketers find, collect, and record the consent of email subscribers.
While DailyStory cannot enforce the compliance of our customers, we do include everything necessary for you to be GDPR compliant.
Please note, this is not an exhaustive analysis of GDPR. For more details please see the reference links at the end of this post. Also, GDPR is different from the California Consumer Privacy Act (CCPA). Make sure you understand the differences.
Below are the most important changes you should be aware of under GDPR.
Subscription Consent Must Be Freely Given
Subscription consent must be freely given. Simply put, this means subscribers must opt-in to subscriptions proactively.
For example, a simple way to approach this is to provide an un-checked checkbox that people can check to opt-in. What you can’t do is pre-check the checkbox.
Consent Must Be Easily Withdrawn
Current European Union email laws already require opt-out options for subscribers. An opt-out option must be included in every email and cannot require the user to log in or go through multiple steps.
All DailyStory emails contain an opt-out option in the footer of the outgoing email and an unsubscribe header. This opt-out link does not require authentication, but it does require a confirmation when the page is shown.
Evidence Of Consent
GDPR policy requires companies to keep evidence of consent. This means you must be able to prove who, when, and how consent was obtained along with a record of whether consent was ever withdrawn.
DailyStory keeps a full audit trail of all consent actions.
As Applied To Existing Consent
It’s important to note that existing subscribers (in the European Union) are not grandfathered into the consent agreement requirements stipulated by GDPR.
DailyStory customers may want to consider a consent campaign to reaffirm consent from subscribers in European countries.
Right To Erasure
No, we’re not talking about the popular ’80s band.
Instead, the right to erasure replaces the previous law, the right to be forgotten. Subscribers may request that their data be erased.
Customer profiles in DailyStory are maintained at our customer’s discretion. It is the responsibility of our customers to erase customer data if requested to do so.
The Penalty for GDPR Non-Compliance
Non-compliance with GDPR can result in fines up to €20 Million or 4% of a brand’s total global annual turnover (whichever is higher).
Policing non-compliance will not be easy under GDPR, but it is in your best interest to become compliant.
General Data Protection Regulation Summary
GDPR is fairly easy to comply with and we recommend our customers do so. While policing violations will be difficult, the penalties are significant.
Additional Reading on GDPR
You can read more about GDPR from the links below:
- General Data Protection Regulation
- European Union GDPR Official Site
- The Privacy Advisor
- General Data Protection Regulation Wikipedia Page