Your business uses a digital marketing strategy in order to make connections with people who are interested in your products or services.
If you collect and use personal data in your digital marketing strategy, you need to be aware of the GDPR and how it will affect your business.
What is the GDPR?
GDPR stands for the General Data Protection Regulation. The regulation, created by the European Union, goes into effect on May 25, 2018. Basically, the GDPR ensures that people are in control of any personal data they choose to share with a company or business. Personal data includes name, email address, IP address, mailing address, phone number, etc.
Does the GDPR affect your business?
Although the regulation is from the European Union and only protects consumers from the EU, it is binding on any business around the globe that could potentially collect personal data from a person in the EU. Even if you don’t have any EU customers yet, if the opportunity is there, then you must be GDPR compliant.
The regulation not only applies to the personal data you will collect in the future, but also to the personal data you have collected in the past.
If your business does not comply, the EU regulators will be able to slap a hefty fine on your business, which is not how you want to spend your hard-earned money.
What do I need to do about the GDPR?
Although I am not a lawyer and cannot guarantee these steps will give you compliance, based on the information I have at the time of this writing, the following steps will show you have taken initiative towards compliance:
- Terms of Service. Create a link to your privacy policy. Make the link clearly visible on the footer of your website. In your privacy policy, include specifics about what data will be collected and how it will be used, and be clear that you will delete the data if people choose to withdraw it.
– Terms of Service need to be legally compliant. You can hire a lawyer to create one specifically for you or you could use a plugin that is GDPR compliant. Be transparent about how the data will be used. Use plain, simple language so there is no confusion. Include in the Terms of Service how long you will keep Google Analytics data. Clearly communicate the time frame. Six months is a good ballpark.
- GDPR Friendly Forms – Make sure there is a box that verifies, when people click on a form, that you are using this information for internal use. If you have a current form on your site, you will need to re-create the form and update the form on your website so it is GDPR compliant. For example – here is an article from Mailchimp on GDPR forms.
- Newsletter Example. Ask current subscribers for consent to contact just to cover all your bases. Keep a record of the consent that was given in case you need to prove to regulators that it was given.
– Give people the chance to opt in instead of opt out. For example, if someone signs up for a freebie on your website and you would like to use the freebie as a chance to continue to email the person, you could provide a checkbox that allows them to opt in to your email newsletter or special offers. The box cannot be automatically checked. The opt-in must be created in such a way that the person is the one initiating the opt-in.
You do NOT want to send unsolicited emails via a newsletter or from your website. Your website may send emails triggered by abandoned carts or chat boxes, and you will want to make sure that does not happen.
Example of a newsletter email that was really great.
(reminder: you’re getting this email as you’ve previously subscribed to NAME OF BUSINESS. You can unsubscribe below at ANY TIME)
IN A NUTSHELL: You need to click that link below if you want news and updates from us in the future
If your inbox is anything like mine, this isn’t the first (or the last) email you’ll get about privacy policies and the GDPR. We’ve updated our privacy policies, but we’re not changing the fact that we’ve always protected, and continue to protect, your data and your privacy.
This GDPR stuff is important. Your privacy is important.
We’ve always tried to ensure we only send you emails if you’ve opted-in, but with the GDPR in-place, we have to be able to clearly report that you’ve explicitly opted-in.
So… in that light, if you want to continue receiving emails from us after May 25th, you’ll need to click that confirmation link below.
Wait! Before you click:
Clicking the link below:
– certifies you’ve read, understood and agree to our Updated Privacy Policy;
– re-confirms your newsletter subscription with us;
– means you consent to continue to receive our wonderful emails. 🙂
Remember, you can unsubscribe later at any time, from any of our emails. We only want you involved if you’re getting value from it!
Yes, I consent, and re-confirm my newsletter subscription!
Thank you for your time and we look forward to continuing our relationship with you 🙂
- Blog Comments. Turn off blog comments. When a person comments on a blog, their personal data is stored. Unless you have made a significant number of connections through your blog comments, it would be best to simply turn off the option and delete past comments. Deleting the past comments also deletes any consumer personal data that had been previously stored.
– Allow easy access to unsubscribing. When someone unsubscribes, it is not sufficient to just mark a person as “do not contact.” You need to actually delete their personal data.
– Give the users the ability to download a copy of their own data. This may sound complicated, but plugins and fixes are in the works to make this easy for you.
- Website Security – If you have a data breach, you are required to communicate the breach to your consumers. The Pro version of Wordfence is a good option for being GDPR compliant by providing protection from data breaches and by informing you immediately if any occur. Assistant Angel offers in-depth monthly website security for our monthly clients.
Another way to protect clients when they visit your site is to make sure the information collected is kept secure using secure passwords. Have a process in place to protect data on the site: security software, secure login/password protocols, and a GDPR Manager who oversees compliance.
What about the GDPR and Social Media?
Although sometimes we lament that we don’t have more control over how a particular social media platform works, when it comes to GDPR, we are thankful for all that goes on behind the scenes in a social media platform. It is not up to you to make the social media platform compliant with GDPR. When personal information is shared with your business page or profile, the GDPR compliance of the social media platform itself is sufficient.
Facebook has released this information about GDPR and ways to change your data retention on their site.
Of course, it would be helpful to reassure your consumers through your social media profiles that you have an updated Terms of Service and an up-to-date Privacy Policy since personal data privacy is a hot topic at the moment. You want your consumers to feel safe with your business.
GDPR – Which Sites Attract European customers?
Advertisers using AdWords will be required to obtain consent for the use of cookies where legally required and for the collection, sharing, and use of personal data for personalized ads for users in the EEA. This includes use of remarketing tags and conversion tags. Where legally required, advertisers must also clearly identify each party that may collect, receive, or use end-users’ personal data.
This means that if you’re using a Google product to track the on-site action of prospects in order to serve personalized ads down the line, you must acquire their consent to do so.
The EU Member States are:
- Austria
- Belgium
- Bulgaria
- Croatia
- Republic of Cyprus
- Czech Republic
- Denmark
- Estonia
- Finland
- France
- Germany
- Greece
- Hungary
- Ireland
- Italy
- Latvia
- Lithuania
- Luxembourg
- Malta
- Netherlands
- Poland
- Portugal
- Romania
- Slovakia
- Slovenia
- Spain
- Sweden
- UK
Even with the upcoming Brexit – the UK’s decision to leave the EU – the GDPR will still be introduced into British law as they will still be part of the Union when the law takes effect. It is also worth noting that GDPR standards are already being incorporated into UK law and they will remain as part of the law even when the UK is no longer in the EU.
What is My Next Step to be GDPR Compliant?
- Make sure your website is updated to the latest version – for example, WordPress came out with a MAJOR update on May 17th
- Ensure all of your plugins are also current.
- Google Analytics – choose how long you want client data retained (14 months is the recommendation)
- Privacy Policy on website – https://www.codeinwp.com/blog/complete-wordpress-gdpr-guide/
How can I possibly get it all done?
Start with an updated privacy policy linked in the footer of your website and then go from there. Take it one step at a time. Website and plugin developers are hard at work to produce products that help your business work towards compliance. Stay tuned to Assistant Angel. When I come across a great product, I will gladly let you know about it!
Assistant Angel monthly clients will have our team manage and make these updates. We will be encouraging our clients to utilize what Google recommends and keep the data for 14 months.
Be patient with yourself and don’t get overwhelmed. Really, the GDPR is a good thing. You want your online presence to make a customer feel welcome and safe so they can focus on your marketing message instead of having to protect themselves. Consumers won’t hang around long if they think you might be the kind of company who sells their email address or spams them until the cows come home. Working towards GDPR compliance will enhance your overall digital marketing strategy.
If you have any questions about how to use your online presence to reach your consumers, I would love to work with you. Contact me to find out how I can help you stay ahead of the curve in the constantly changing world of digital marketing.
Special thank you to Terri Voltz at Current Marketing Services www.CurrentMarketingServices.com and Elizabeth Busch-Sandford at Candy Apple Design for their insight into this information.
About the Author
Angel Lebak is the owner of Assistant Angel – Digital and Social Media Managers. Assistant Angel is a virtual marketing team serving clients worldwide since 2009.
Angel’s passion for small business AND the admin/marketers who serve them is seen in her latest venture: Business Marketing Angels. This monthly membership allows business owners and their admin/marketing team members to get monthly topic training and weekly support for marketing questions they may have.
Angel also offers Marketing Coaching and Consulting for companies on their current online marketing trends. Angel’s reputation precedes her and she is one of the rising voices in the admin and marketing arena. Feel free to contact Angel and her team of marketing ninjas here.