There's a lot of talk, fear and speculation surrounding the imminent arrival of GDPR so I've scribbled down a handy guide to navigating this new policy. I've had my lawyer ensure that I'm on the right side of the law - and if you have access to the same services, you should consider doing it too.
WHAT IS IT?
GDPR = General Data Protection Regulation
It regulates the use of customer information as it pertains to citizens of the European Union. It's only a matter of time before this goes global I reckon. For now, the UK is included under the ambit of this new requirement.
WHAT DOES IT DO?
Ultimately, it's designed to safeguard online users from breaches of trust: stipulating how information that retailers and companies get from customers can be used. There are essentially 2 parts to it:
1 - Ensuring consent is in place for companies to use client information
2 - Ensuring that, if there is a breach, the customer is informed within 72 hours of a hack or cyber attack
DOES IT APPLY TO YOU?
The new regulations are designed to protect EU citizens and European markets - whether they are companies based in the union or not. Essentially, if you sell products or services to European citizens, you will need to comply. Here are 5 ways to determine if your business is affected and subject to these regulations.
1 - A reasonable number of people on your database are EU citizens
2 - You use EU languages to market and sell your goods
3 - Your website(s) use EU-based abbreviations, so for example: .co.uk / .co.fr / .co.it etc
4 - You accept Euros as a method of payment
5 - You target EU citizens as part of your marketing strategy and approach
HOW DO I COMPLY?
You will also require consent for opt-ins: you need to give visitors to your website or online shoppers the choice to opt in or not. If you have an opt-in setting that is always on (and requires the user to manually opt out), it will now need to be switched off to allow customers to decide whether or not they want to join your database. Refrain from adding customers who have shopped with you (but didn't opt in) to your database, as sending them mailers would constitute unsolicited communication.
WHAT HAPPENS IF I DON'T COMPLY?
You could face hefty fines. So best you comply!
Look, I'm not a lawyer so I'd recommend you get your butt on the good side of the law. Yes, it might cost a bit of money (lawyers ain't cheap...) but rather spend $600 getting compliant than face $20m in penalties...
WHEN DOES THIS COME INTO PLAY?
25th May 2018. So, like, Friday.
If you have any queries, check in with a lawyer. If you'd like help with making your mailers look really spiffy with awesome new imagery and content - that's where I jump in: firstname.lastname@example.org
Images shot and styled by Shout & CO. for, L - R: Camille Co., Artisan Boutique, The Botanic Alchemist