We’re one year into the GDPR taking effect, and many marketers here in the United States are wondering – what’s changed, and what hasn’t? Before anyone accuses GDPR of being the latest “Y2K” scare, we at KW2 want to be clear that we believe online data privacy is of the utmost importance. Whether you’re marketing to current or potential healthcare patients, parents or international students, using a high-tech CRM (like HubSpot or Salesforce) to reach people, or communicating to a general audience, taking privacy seriously is important. And it’s only going to become more popular in the coming years.
In this article we’ll cover what the GDPR is, what we know now that the GDPR has been around for a full year, and what to do if you’re just not sure what to do.
The GDPR, or General Data Protection Regulation, was an attempt by the European Union to codify and enforce some basic best practices around data privacy on the Internet.
That was easy!
What user data can you store? Should users be able to ask for a record of their data? Can users ask you to hand over their data (Hey – I was using that!)? What happens when somebody’s data is used in a way that they didn’t intend for it to be used?
The regulation became enforceable in the EU in May of 2018, meaning corporations could be sued for violating the regulation starting at that time.
In short, the GDPR requires:
There are more details of course, but those are the big beats.
Your business is required to comply with the GDPR if you…
GDPR applies not only to organizations located within the EU, but also to those who either do or could do business with anybody in the EU. The only cases where the GDPR would not apply are if you truly collect no data from users (not even Google Analytics cookies or a Facebook Pixel), and/or there’s a 0% chance any of your visitors are located in the EU.
GDPR is meant to help users on the Internet. You, me, and all of our audiences—everybody. Because if your users’ data isn’t secure, then neither is your own. GDPR was originally drafted and enacted to help EU citizens take ownership of their own data privacy. But now that so many websites are asking us to opt-in to cookie usage, it’s apparent how many sites store traces of our information on a daily basis.
Having one set of rules to play by helps users approach all of their privacy considerations through one lens, rather than reading every site’s privacy policy. And it helps us marketers know we’re following those rules, avoiding fines and being above board on our data
Many bloggers predicted an onslaught of hefty fines as soon as GDPR took effect. While a few large corporations (Facebook and
Now that we’re back up to speed on what this regulation is, what has happened in the last year?
Well, for one, the sky didn’t fall. Mom and Pop websites didn’t get fined out of business. But, the big corporations didn’t get fined much either. Because everybody was incredibly compliant? Well, probably not. Remember, this sweeping change took effect across the entire EU and there are only so many regulators out there to help investigate and push these fines. We expect to see the requests and fines increase over the years as consumers have more help with enforcement and reporting.
If you do business with, or offer goods, services or information to, people in the EU, review the list of GDPR requirements and make sure you’re compliant. If you do business with folks in the state of California, their regulations are very similar. Shoring up your data practices is not only inevitable, it’s becoming law in more and more places.
Here are our top recommendations for marketers, but if you use and/or store a lot of user data, we also recommend you contact a GDPR consultant. If your company is large enough, consider hiring a data regulator to help you with all this.
If you need help reviewing your policies, adding a consent popup to your site or getting in touch with a GDPR consultant, please reach out to our digital team.