GDPR is in effect. Now what?

This article is based on our research and is not intended to provide or replace legal advice.

By now you may have heard of the General Data Protection Regulation (GDPR) that went into effect on May 25, 2018. The GDPR applies to all marketers, especially those located in or who do business within the European Union (EU). If your website is collecting data on prospects or leads, now is the time to make sure you’re in compliance with current guidelines, such as those set forth in the GDPR. Below are five things to keep in mind as you move forward.

1. If you are in the U.S. you probably already have a privacy policy on your website due to the California Online Privacy Protection Act of 2003 (CalOPPA). The link to your privacy policy needs to be visible on your home page and should tell visitors what information you collect, what you will do with it, and how you are going to be protecting their information. It is also best to have your Privacy Policy linked to on any opt-in pages or anywhere else you are asking a user’s permission to contact them in the future.
2. The GDPR applies to your existing lists. If you did not have your current list of subscribers segmented, now is the time to do it. You will need to know who are sending to and where they are located. If you are not sure if your subscribers are in the EU, it would be best to leave them off your list until you can have them re-opt in on a new offer. Your loyal fans won’t object to these extra steps as they are looking forward to seeing the valuable content you are providing them.
3. Moving forward, an opt-in form is only an opt-in for what it says your user will receive. Everyone loves freemiums, but now you cannot require someone to sign up for your general newsletter list to receive a freebie. You will need to have an additional opt-in (sell your benefits!) to have users consent to being on your “newsletter” mailing list as well.
4. Your users must be able to opt-out if they do not want their information collected or if they no longer wish to receive communication from you. We hate to say it, but sometimes people want to leave our lists. Let them go, if they end up being the right fit for your products they will re-engage with you.
5. Make sure you are only asking for the data you actually need. Sometimes as marketers we include “nice to know” questions or lead qualifier fields on our forms. It’s best to only obtain the data you need for the specific reason you are collecting data (a purchase, an opt-in, your newsletter, and so on).

The GDPR sounds like a big change in the marketing world, and it is. The only way to feel comfortable with the constant changes we face today is to embrace them. If one thing is certain, we can expect for there to be more changes as the internet and our ways to reach potential customers evolves.