Well that’s because the GDPR is coming into action soon and companies are making sure they are protecting themselves when it comes to the new privacy laws.
In short, the GDPR (General Data Protection Regulation) is a new EU legislation covering data protection and privacy for EU citizens and applies to all companies offering goods or services to people within the legislation which in this case would be the EU.
Those sitting outside the EU, however, aren’t exempt from this. If your website has any traffic coming from the EU, you’re unfortunately in the crossfire of the GDPR. Failing to comply can mean fines of up to the greater of 4% of global revenue or €20m.
You’ve probably been dragged onto an email list before without being properly asked to ‘opt-in’. Well, now the companies that do this are going to face harsher punishment, and I suspect this will be rolled out worldwide at some point as well.
But to make it clear, the reason for the GDPR isn’t to crack down on every living soul on the web.
It is to regulate the companies that harvest data and sell it for money (Cough Facebook). These data-heavy processing companies will be under the most scrutiny rather than your everyday small business owner.
The constant fear being put about that millions of fines are going to be issued if your website or email list isn’t ‘GDPR ready’ is rubbish.
According to Elizabeth Denham, the UK’s Information Commissioner, that’s just “scaremongering”. She further states that “Issuing fines has always been, and will continue to be, a last resort.”
But it is still important to keep the GDPR in mind.
So what does it mean for you? Well, there are two main concerns for this:
1. Google Analytics
2. Email List
Without going into the technical components of it, here is a brief summary of what it means and what you need to do.
1. Google Analytics
You’re probably thinking: “Wait a minute, isn’t that Google’s responsibility?”
And yes it is.
However, the main concern is around data retention. If you don’t check your data retention settings, the data you hold could put you at risk when the GDPR comes into force on May 25th, 2018!
Make sure you select how long you want to keep your data for. This is where you should be checking your terms and conditions and website policies to see what retention period you stated. If they don’t match, it’s time to update that policy!
2. Email List
This is the hard-hitting one. We have all been emailed by a company that we never remember opting into.
So how do we become GDPR compliant?
Firstly, if you have an email subscriber list pre-GDPR with users that have already consented, you are still free to continue emailing this list.
The steps you need to take to ensure your opt-in procedure is GDPR compliant:
1. Make sure your opt-in is clear
Make sure your opt-in is clear (no pre-ticked boxes!) with a clear question asking for consent, e.g. “I would like to subscribe to receive updates and newsletters from XYZ Company”.
2. Make it easy for people to unsubscribe
Make it easy for people to withdraw consent. Most big email marketing tools like Marketo automatically add an unsubscribe feature to all emails sent out. If you don’t use an emailing tool that is GDPR compliant, make sure you have a way for users to opt out.
3. Consider a double opt-in
Yes, most people don’t like the idea of double opt-ins, but it’s the safest way of ensuring your email list is GDPR compliant. This is because you need verifiable proof that each subscriber on your list has given you permission to email them.
Once again, many email marketing tools, such as Mailchimp, offer this feature.
4. Audit your current list
If you have a sizeable email list, now would be the best time to audit it. Remove everyone who has ever unsubscribed, and anyone for whom you don’t have actual evidence of signing up and giving consent.
5. Keep all records and proof of consent, including when, how and from whom it was given
As I have been alluding to throughout this article, keeping these records is now essential. This will protect not only you but your business from getting any warnings or issues!
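As an added illustration (not from the original post or any particular email tool), here is how steps 2 to 5 fit together as a single consent ledger: a double opt-in token that only the mailbox owner can return, withdrawals that are recorded rather than deleted, an audit that yields only provably consented addresses, and a who/how/when proof record. The class, field and method names are my own assumptions, and the addresses used in the test are constructed.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

@dataclass
class ConsentRecord:
    email: str                                  # who gave consent
    source: str                                 # how: the form or page the request came from
    requested_at: datetime                      # when the opt-in request was submitted
    token: str = field(default_factory=lambda: secrets.token_urlsafe(32))  # double opt-in link secret
    confirmed_at: Optional[datetime] = None     # when the double opt-in link was used
    unsubscribed_at: Optional[datetime] = None  # when consent was withdrawn

class ConsentLedger:
    def __init__(self) -> None:
        self.records: Dict[str, ConsentRecord] = {}

    def request_opt_in(self, email: str, source: str, now: datetime) -> str:
        """Step 3: record the request; the returned token goes into the confirmation e-mail."""
        rec = ConsentRecord(email, source, now)
        self.records[email] = rec
        return rec.token

    def confirm(self, email: str, token: str, now: datetime) -> bool:
        """Only the token sent to that mailbox proves its owner agreed; anything else is rejected."""
        rec = self.records.get(email)
        if rec is None or not hmac.compare_digest(rec.token.encode(), token.encode()):
            return False  # unknown address or forged/mistyped token: no consent recorded
        rec.confirmed_at = now
        return True

    def unsubscribe(self, email: str, now: datetime) -> None:
        """Step 2: withdrawal is recorded, not deleted, so the audit trail survives."""
        if email in self.records:
            self.records[email].unsubscribed_at = now

    def mailable(self) -> List[str]:
        """Step 4: the audit; only confirmed, non-withdrawn addresses may be mailed."""
        return sorted(e for e, r in self.records.items()
                      if r.confirmed_at is not None and r.unsubscribed_at is None)

    def proof_of_consent(self, email: str) -> Optional[dict]:
        """Step 5: the who / how / when record to produce if challenged."""
        r = self.records.get(email)
        if r is None or r.confirmed_at is None:
            return None
        return {"who": r.email, "how": r.source, "when": r.confirmed_at.isoformat()}
```

A pre-GDPR subscriber for whom you already hold evidence of consent can be loaded the same way, with `source` naming that evidence and `confirmed_at` set from it.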