Are you ready for the next chapter in data privacy regulation? The EU General Data Protection Regulation (GDPR) goes into effect May 25, 2018, and adds new requirements for organizations regarding the collection, storage, and administration of personal data for EU residents.
“Great,” you think, ”I’ll add that to my already too-long list of critical issues that I need to research so I can formulate a strategy to mitigate risk!”
SmartAcre® can help. Here are a few FAQs to help B2B marketers plan and prepare for GDPR. These FAQs, which include a strategy to begin addressing the new regulations, will help you determine the impact this will have on your 2018 lead and demand generation strategies. For more info, download our full GDPR compliance guide to learn the steps you need to take to be in line with the new regulations by May 25th.
NOTE: We admit we are not lawyers; but we have done a fair amount of research on the topic of GDPR for our clients. The purpose and intent of this article is informational in nature, and we encourage you to seek legal counsel for your business’ specific responsibility regarding this upcoming regulation.
Who is affected by GDPR?
It’s a pretty safe bet that YOU are. Any organization that collects data from residents of the European Union (whether knowingly or unknowingly) is affected. It is important to note that your organization does not need to be physically located in the EU.
What data does the GDPR cover?
The GDPR regulates the “processing” of personal data — including its collection, storage, and transfer. The general definition of personal data is extremely broad and includes any information related to identifying an individual.
What is changing from the current regulations?
What does this mean for me?
It means you can only send emails to people who have “freely given specific, informed, and unambiguous” consent to be marketed to by you. List buyers: let that sink in. While this isn’t new ground, the specific requirements for marketers are much more precise.
For instance, you must inform subscribers about the purposes of collecting personal data, and you need to clearly document when and how you obtained consent from your subscriber. Practically speaking, that means every data collection form needs to be updated to be compliant and, moving forward, you must have a double opt-in process. If you fail to meet these new requirements, you could be fined up to €20 million or four percent of your company’s annual revenue (whichever is greater).
Is this going to impact my lead generation funnel?
Definitely. You should expect list growth to slow and administrative complexity to increase. However, there are smart things you can do (let’s talk) to maintain the contacts you have and to use the double-opt-in as an opportunity to generate higher quality leads.
Since it likely isn’t practical to stop doing business with the EU, there are options to comply, maintain your EU contacts, and continue running a lead and demand generation machine. To start, you can adjust your data collection process to meet affirmative opt-in requirements ASAP and begin a permission-based email campaign to make legacy data compliant. You may elect to do this universally or to adapt your data collection processes to be regionally specific.
To help, here are the four steps we recommend to help B2B marketers develop a strategy for GDPR compliance.
These four steps will require internal buy-in, marketing legwork, and long-term compliance. However, by breaking down the big challenge of GDPR into these phases, you will have the framework for a successful plan.
We’ve compiled a short list of links to help you further understand how the industry is adapting and preparing for this change. Heavyweights like Pardot, Salesforce, and Hubspot all have plenty to say on the topic and are working to update their systems to ensure you are implementing GDPR compliant campaigns. We’re here to help, too. SmartAcre is happy to provide specific strategy, tactics, and execution to aide your team. Comment and tell us your biggest GDPR challenges.