If you haven’t taken action to comply with the new data protection legislation, we’ve got a plan to get you started
FRIDAY, JUNE 15, 2018
[Note: This material has been prepared for informational purposes only, and is not intended to provide and should not be relied on for legal advice or GDPR compliance. If you have further questions about compliance, consult your legal counsel.]
For the longest time, the internet has been the Wild West when it comes to online data. You could take it, hoard it, and even sell it without users ever knowing.
But there’s a new sheriff in town.
Well, more specifically, there’s a new sheriff in Europe.
By now, you’ve heard all about the General Data Protection Regulation (or GDPR), the new legislation that went into effect last month and gives citizens in the European Union (EU) much more control over how their personal data is obtained, retained, and used.
But have you taken action with your business or website yet?
If any of your subscribers or customers live in the EU, you must ensure you’re in compliance with the new regulations. If you don’t, you could be subject to incredibly heavy fines of up to €20 million or 4% of the annual worldwide turnover of the previous financial year.
But even if you’re found to be in violation of GDPR and you aren’t fined, your company could still take a substantial hit to its reputation, and your clients will undoubtedly lose trust.
The good news is that if you’ve always been transparent about your data collection and you’ve never been shady about your methods, there’s probably no need to panic.
But you still definitely need to take action. We’ve got six steps you can take right now to make sure you’re in compliance.
1. Audit Your Existing Contacts
Before you get started on safeguarding for the future, it’s vital that you take a look at your current list of contacts and find out which ones are based in the EU.
- Find out where your contacts are based through their IP addresses and determine which ones are in the EU.
- Send an email asking each contact to confirm their consent to receive emails from you.
2. Remove Unengaged Contacts From Your List
Keeping your email list clean is imperative. Email platforms like Infusionsoft have policies to suspend any account with too many bounces or spam complaints, and keeping a clean email list will keep you in good standing with your email marketing service provider while improving your deliverability with your contacts’ internet service providers.
Check out the basics below or see our guide to the essentials of email list health.
- Identify contacts who have engaged with your emails in the past six months.
- Launch a re-engagement campaign in an attempt to get any unengaged contacts back.
- Remove unengaged contacts from your campaigns.
- Evaluate the language you’re using on your opt-in form to ensure contacts know what type of communication you plan to send them.
3. Segment Your Contacts Based on Location
Once you’ve geolocated your contacts, it’s time to take action for those who live in the EU. Add segmentation and, if you do have customers in the EU, do a top-level EU email extension segmentation. Here’s how you do that:
- Segment and re-engage the contacts in the EU and ask for their consent to continue to email them.
- Identify contacts with an unknown location who are highly engaged and match them to determine their location and whether they’re still marketable.
- Consider retaining an EU representative through Verasafe.
- Sign a Data Protection Agreement.
- New rights. State that you’ve incorporated users’ additional rights and outline what data you’ll hold and how you’ll use it.
- Transparency. Express that you’ve made it easier for users to understand how you collect your data, process it, and keep it secure.
- Control. Outline how users can access, manage, and make requests to change their data.
- Right to be forgotten, object, rectification, portability, and access. Explain that any EU contact can email your support team to request their data be accessed, deleted, changed or transferred.
5. Update Opt-In Forms for Consent
Another big change of GDPR is that users must now give explicit consent to provide their data, and they have the right to know exactly what they’re agreeing to. It’s imperative that you implement a new procedure for consent in all areas where data is collected, like newsletter signups, opt-in pages, and order forms.
- If a contact is not from an EU location: Viewers will not see the cookie announcement bar.
6. Create New Contacts Procedures
When you’re caught up with your existing contacts, the next step is to establish new procedures so that you’re set up for GDPR compliance when you obtain new ones.
Here’s a suggested plan if you’re using Infusionsoft:
The bottom line is that data protection regulation like GDPR is all about giving users more control over their personal information, and frankly, it’s overdue. As the landscape continues to change, it’ll be up to businesses and websites to respond and adapt to new requirements. Making sure that you’re in compliance with GDPR will give you a head start when more legislation starts to roll in.
We at Full Cycle Marketing are here to help you take appropriate action. But the most important thing you can do is stay informed. Take a look at more sources below to ensure you’re doing all you can to prepare for the future.
- AWeber: Your GDPR + Email Marketing Playbook
- Create If Writing: GDPR FAQs
- Mailchimp: Collect Consent with GDPR Forms
Still feeling overwhelmed? We’re here to help. Contact us and schedule a free consultation.