There has been much recent talk about the new General Data Protection Regulation (GDPR) and how it will affect the digital marketing strategies of every business. This data privacy regulation will take full effect on May 25, 2018, and those that are not in compliance could face heavy fines.
What exactly is the GDPR? According to EUGDPR.org, GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy. It is the most important change in data privacy regulation in the past 20 years, so it is crucial to know how to comply with these new regulations.
How will this affect your financial firm and its marketing strategy?
While these new regulations currently deal only with EU data, it is important for all US businesses to start complying with GDPR. Since everyone throughout the world has access to your website, you want to ensure that you are following the proper protocol for countries outside of the US as well. Many authority figures in email marketing are encouraging all US businesses to actively obtain proven consent from individuals when they use their personal contact data.
GDPR applies very specifically to email and digital marketing. These marketing strategies are based on personal data and contact information such as name and email address. Under the GDPR, proven consent is required when doing any sort of data processing, especially that which involves people’s personal information. To obtain proper consent, transparency and clear language are needed so that the individual knows to whom and why they are giving out their personal information.
When giving out any of their personal information, the individual must be able to actually choose and provide their consent. This means that in the form that is gathering the contact information, there must be a check box that allows them to give their consent. The box should not be prechecked for them, because then they are not actually confirming their consent. Giving consent should also never be a requirement in order for them to complete an order or receive a service from your financial firm. They need to freely give their consent for you to collect and process their personal data.
ActiveCampaign gives an example of what the form should look like in order to have the correct consent.
If you have not followed these standards, you may need to go back and have your contacts reconsent in order to ensure that you are complying with the GDPR. You also want to make sure that any time your company collects information going forward, it follows the GDPR requirements.
Not only do you want to make sure that you have proper consent, but you also want to have a copy of each individual’s consent information so that your financial firm can provide it if it is requested. Certain email systems, such as ActiveCampaign, are able to keep a good record of all of the consent information through their forms. They keep track of the date of consent, what the individual consented to, and all of their personal information. This is a good way to stay organized and be able to prove that consent was given if it is required of your financial firm.
If you are unsure if your company is properly complying with the new GDPR standards, we will take a look at your data collecting process at no charge. Sign up here to schedule an appointment.