What is it and why do you need to be concerned? In short, it is about consent: whether you obtained it, and whether you obtained it within the rules. It also requires organizations to report personal data breaches to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of them.
Here is the official definition:
The EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy (1).
Enforcement date: 25 May 2018 – at which time those organizations in non-compliance may face heavy fines (1).
Fines are tiered: up to €10 million or 2% of total worldwide annual turnover for the preceding financial year, whichever is higher, for the lower tier, and up to €20 million or 4% for the most serious infringements, which include violating the conditions for consent (2).
Data privacy is a big deal. The GDPR applies to any organization, wherever it is based, that offers goods or services to people in the EU or monitors their behaviour, so a mailing list that collects addresses from European prospects is in scope even if you have no European customers today. With data breaches as common as they are here in the United States, it is best to protect yourself and your customers now; it is only a matter of time before the U.S. mandates privacy regulations of its own.
Here’s what you can do:
- Consent: Requests for consent must be presented separately from other terms and conditions, in clear and plain language. Signing up for a service must not be conditional on consenting to processing that the service itself does not need. Consent is granular: each purpose (newsletter, product updates, sharing with partners) needs its own opt-in, and you must keep a record of who consented, when, how, and to what wording.
- Active opt-in: Pre-ticked boxes, silence and inactivity do not count as consent; the user has to take a clear affirmative action. A double opt-in (a confirmation link sent to the address given) is not required by the text of the GDPR, but it is the simplest way to prove that the owner of the address actually agreed.
- Named: Name your business as the controller and any third parties who will rely on the consent.
- Easy to withdraw: Tell people they have the right to withdraw consent at any time and how to do so. Withdrawing must be as easy as giving consent, and once consent is withdrawn the processing it covered has to stop.
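The checklist above maps directly onto how a signup form and its back end should behave. The following is an added illustration, not code from this page or from Savvy Outsourcing: it rejects form designs with pre-ticked or bundled consent boxes, records one consent per purpose only when the box was actively ticked, issues an HMAC-signed confirmation token per purpose for the double opt-in, and makes withdrawal a single call. The in-memory store, the injected timestamps, the `ConsentField`/`ConsentRecord` models and the purpose names are all constructed for the example; a real deployment would persist the records in a database and send the tokens by e-mail.

```python
"""Granular, active, withdrawable consent with double opt-in (added example).

Storage is an in-memory dict and the clock is passed in by the caller so the
flow runs offline and reproducibly; swap both for real infrastructure.
"""
import base64
import binascii
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class ConsentField:
    """One consent checkbox on the signup form (constructed model)."""
    purpose: str
    label: str                       # exact wording shown to the user
    default_checked: bool = False
    bundled_with_terms: bool = False


@dataclass
class ConsentRecord:
    """Evidence of one consent: who, for what, on which wording, when."""
    email: str
    purpose: str
    controller: str
    third_parties: Tuple[str, ...]
    wording: str
    requested_at: int
    nonce: str                       # ties the confirmation token to this request
    confirmed_at: Optional[int] = None
    withdrawn_at: Optional[int] = None


def validate_form(fields):
    """Return the reasons a form design cannot yield valid consent."""
    problems = []
    for f in fields:
        if f.default_checked:
            problems.append(f"{f.purpose}: pre-ticked box is not consent")
        if f.bundled_with_terms:
            problems.append(f"{f.purpose}: consent must be separate from T&Cs")
    return problems


class ConsentStore:
    def __init__(self, secret: bytes, controller: str, third_parties=()):
        self._secret = secret
        self.controller = controller
        self.third_parties = tuple(third_parties)
        self._records: Dict[Tuple[str, str], ConsentRecord] = {}

    def _sign(self, payload: bytes) -> str:
        return hmac.new(self._secret, payload, hashlib.sha256).hexdigest()

    def request(self, email, fields, submitted, now) -> Dict[str, str]:
        """Store a pending consent for each box the user actively ticked and
        return one confirmation token per purpose. Untouched boxes are ignored:
        no action means no consent."""
        tokens = {}
        for f in fields:
            if not submitted.get(f.purpose, False):
                continue
            nonce = secrets.token_urlsafe(16)
            self._records[(email, f.purpose)] = ConsentRecord(
                email, f.purpose, self.controller, self.third_parties,
                f.label, now, nonce)
            payload = f"{email}|{f.purpose}|{nonce}".encode()
            tokens[f.purpose] = (base64.urlsafe_b64encode(payload).decode()
                                 + "." + self._sign(payload))
        return tokens

    def confirm(self, token: str, now: int) -> bool:
        """Second step of the double opt-in. Rejects malformed, forged,
        unknown and replayed tokens."""
        try:
            b64, sig = token.split(".", 1)
            payload = base64.urlsafe_b64decode(b64.encode())
        except (ValueError, binascii.Error):
            return False
        if not hmac.compare_digest(sig, self._sign(payload)):
            return False
        # purpose and nonce never contain "|", so split from the right
        email, purpose, nonce = payload.decode().rsplit("|", 2)
        rec = self._records.get((email, purpose))
        if rec is None or rec.nonce != nonce or rec.confirmed_at is not None:
            return False
        rec.confirmed_at = now
        return True

    def withdraw(self, email: str, purpose: str, now: int) -> bool:
        """Withdrawing must be one step, as easy as the opt-in was."""
        rec = self._records.get((email, purpose))
        if rec is None or rec.withdrawn_at is not None:
            return False
        rec.withdrawn_at = now
        return True

    def may_send(self, email: str, purpose: str) -> bool:
        """Only confirmed, unwithdrawn consent for this exact purpose counts."""
        rec = self._records.get((email, purpose))
        return (rec is not None and rec.confirmed_at is not None
                and rec.withdrawn_at is None)
```

Run `validate_form` against every form variant before shipping it; then, for each signup, call `request`, e-mail each token to the address given, and only treat `confirm` returning `True` as consent. Because tokens are bound to a per-request nonce, a leaked or replayed link cannot confirm a different request, and `may_send` gives the mailer a single place to check before every send.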
Many email providers have implemented new forms and processes so that it’s easier for you to stay compliant.
Contact Savvy Outsourcing if you need assistance in getting your website GDPR compliant. We offer a free analysis and complimentary estimate.