The deadline for adopting GDPR has now passed, many Businesses risk fines if they do not comply with the new EU regulation.

The General Data Protection Regulation (GDPR) is a digital privacy regulation of the European Union that was introduced on the 25 of May 2018, it regulates and standardizes Privacy Legislation across the EU and it protects Users and Customers Privacy.

Companies doing Business in the EU are now required to:

1) To create visible and active privacy settings on their digital products, services and websites,

2) To regularly analyze their privacy requirements, privacy policies and cookies;

3) To illustrate and to show the permission to use users and consumers data,

4) To explain to their Users and Customers how the collected data are used and for what purposes.

5) To communicate data breaches.

GDPR is legally binding, and failing to comply entails fines to Businesses up to the 4% of their global turnover, Businesses will be also fined if they fail to protect their Users and Consumers’ rights when data breaches happens and if they do not communicate data breaches to the regulators.

The EU is seriously implementing the new GDPR legislation in order to empower individuals and Consumers by giving them more access to their Consumer and Privacy Rights because EU regulators have assumed that companies have been exploiting Consumers’ data for their own benefit without being transparent on how they are using this data.

This new approach to Data Protection will hold big and small Businesses accountable for their Data collection, Privacy policies and Data usage.

Previous EU data privacy regulations regarding Data Privacy were outdated regarding social media, smartphones, or even advanced web technology like Artificial Intelligence and additionally they were mostly directives, so companies and countries could easily opt-out while GDPR is binding and mandatory.

Consistency in data privacy regulations in the EU is a new opportunity for Marketing because Businesses can target the Audience who is really interested in their products, services and brands, but it can be a challenge if not adopted correctly especially for SME (Small Medium Enterprises), freelancers and professionals.

We will now cover the main concerns for Businesses regarding GDPR.

Therefore, a pre-ticked box that automatically opts them in like in the past needs to be replaced by boxes with the possibility to choose yes and no and the consent.

E.g Instead of assuming that Users, possible Leads who fill out a web form want to receive marketing emails, now Businesses need to ask them to specifically Opt-in to newsletters by ticking the sign up box.

2. Data Access

The Right to be Forgotten ruled by the EU Justice Court gives people the right to have outdated or inaccurate personal data to be removed and has already been partially implemented by many companies, one of them is Google, who was forced to remove pages from its search engine results in order to comply.

GDPR enables individuals to decide on how their data is collected and used including the ability to ask to Businesses to have access or remove it, in line with the Right to be Forgotten; it will be Businesses responsibility to make sure that their Users and Customers can easily access their data and remove consent for its use.

A practical Business solution is the subscription management settings that is GDPR compliant, it consists in the inclusion of an unsubscribe link within the email marketing template while linking to the User and or Customer profiles that allows them to manage their email preferences.

3. Data Focus

GDPR requires Businesses to legally justify the collection of the data that they actually need; data that are not relevant for Businesses’ purposes need to be legally proved why they are collected before to continue asking for it.
Expert advice for Businesses is to avoid collecting any unnecessary data and to stick with the essential data required to conduct Business as usual.

EU institutions and regulators are responsible for implementing the GDPR legislation and to investigate the violation. It is important to take note that Users and Customers can report the GDPR violation committed by Businesses.

The most common GDPR violations for Businesses.

1) Contacting Customers and users by email, without having to ask the consent to them, e.g. when e-mail addresses have been obtained from third parties without consent from the final User and Customers for that is contacting them.

2) Contacting all customers by email, including Customers that had previously Opted out is a breach of GDPR.

3) If Users/Customers have Opted-out of marketing emails, Businesses should not email them. Sending e-mails to customers from the company’s database by asking them to confirm their data when some of them had previously opted out or unsubscribed to marketing emails and thereby gave no consent to be contacted is another violation.

4) To send e-mails to subscribers from the company database asking if they would like to be informed about new promotions or updates regarding the company products, services and Brands.

This email is usually used to clarify how many subscribers would like to continue to receive marketing emails and it should be checked before sending it to individuals who had specifically opted out.

If Businesses do not have explicit consent to email their customers, they should not e-mail them because even asking for consent is classified as marketing and is in breach of the GDPR regulations.

5) Another violation is to send e-mails regarding the Loyalty program to ALL customers registered in the company database, asking subscribers to update their account preferences Including also subscribers who had previously opted out and unsubscribed.

Businesses should be always 100% sure that the subscribers they send an email to have opted-in.