You know how you get that one piece of mail in your inbox that you set aside and say, “I’ll deal with this later”? If you do, then you probably also know that you never get around to it.
You find a dozen different excuses from “I’ve got more important stuff to deal with” to “This really doesn’t affect me anyway.” Well, that’s how people have been handling GDPR for the past two years.
We as online marketers have pushed this aside and said, “We’ve got two years to deal with it” or “We’ll cross that bridge when we come to it.” And now, the time is past due for you to have gotten around to preparing your business for this major change.
What is GDPR
If you just read the last paragraph and asked yourself, “What is GDPR?” then you probably already get my point about how we as online marketers didn’t really take this too seriously. GDPR stands for General Data Protection Regulation and it was passed by the European Union in 2016 with the law going into effect in 2018. The law set up strict restrictions on how data can be collected, what can be done with it, and what happens if the collected data is not properly secured.
Who Does the GDPR Affect
Here’s one of the big sticking points that most people didn’t pay attention to. The GDPR affects ANY company that takes the data of a citizen of the European Union.
This doesn’t mean that you have to be a European company in order to have to abide by the law. If you’re a content marketer, then you know that you have people sign up for your newsletter from all over the country and across the world.
Chances are, then, you have taken the data of at least one person from the EU. If that’s the case, then congratulations, you are affected by the law!
But it can actually go beyond that as well.
Recently, a woman in the European Union was sued by her adult daughter because the woman had posted pictures of her grandchildren (the daughter’s children) on Facebook. After the two had a family spat, the daughter demanded the pictures be taken down.
The European Union courts upheld that under GDPR, the grandmother must take the pictures down as they constituted personal data. The court further ruled that each day the woman did not take down the pics, she could be fined. This takes the data sharing out of the realm of business and basically puts everyone on notice about using pictures or any other data from others without their express permission.
What Can You Take Away from All of This
We need to realize that too many of us are gathering too much data. Oftentimes, we put out a form with requests beyond just the name and email address to include things like birthdate or physical address.
Most of this is meant to use for marketing later with targeted emails. But is it really worth it if you’re not using it now or you never end up using it? If that data becomes compromised, you’re held liable for failing to secure it.
Secondly, you have to look very closely at the “small print” you’re using when your customers sign up for your newsletter. Spell out in detail exactly what you plan to use that collected data for. If you’re just using it to send out marketing emails, say that. But if you’re engaging in other activities such as selling data to third-party vendors (who may in turn sell it again and again), then you have to state this up front or find yourself at the center of a lawsuit later on.
When I started writing this, I wanted to know what has changed for online marketing in the two years since GDPR was implemented. The reality is, not enough.
Too many businesses are exposing themselves to liability because they think that the GDPR only applies to businesses in the European Union. Unfortunately, this is not the case and many other nations, and even some states such as California, are getting in on the act. The era of unrestricted data collection may soon be coming to a dramatic end.
Would you like more information on GDPR? Below I list resources for this blog: