By now you will have heard or seen many articles and notices about the General Data Protection Regulation (GDPR). Some of you may have glazed over them and continued on with your day, thinking it does not apply to you, while others may have taken the time to try to understand it. Like many new regulations and policies, it can be extremely confusing for business owners and marketers to work out exactly what they are required to do and how it directly impacts your digital marketing efforts.
Just like you, we did our research, and we have summed it up for you with help from one of our clients, who deals a lot with international markets. Firstly, to see if this applies to you, answer these three questions:
- Do you have a business in the EU (European Union), i.e. actual premises or an online business?
- Do you sell products or services to the European Market?
- Do you research clients in the EU or plan to expand to this market?
If you answered yes to any of the above, this applies to you.
When the regulation does NOT apply to you
Simply put, when you have NOTHING to do with the European Market (EU) and do not conduct any business or communication with the EU.
NOW THAT YOU KNOW IF THIS APPLIES TO YOU, YOU NEED TO KNOW WHAT YOU NEED TO DO…
Processing Personal Data – what you now need to do
- You must advise people why you are collecting the data and be transparent about how you plan to use it.
- You must collect and process only the personal data that is necessary to fulfill that purpose.
- You must ensure the personal data is accurate and up-to-date, having regard to the purposes for which it’s processed.
- You can’t tell the customer you will use their data for a specific purpose and later use it for another purpose unless you seek their approval beforehand.
- You must ensure the data is stored safely, so no one else can access it.
- You must install appropriate technical and organisational safeguards that ensure the security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technology.
How long can data be kept for?
For as short a time as possible. It is recommended that you advise a client of a time frame. For example, let them know they will be on the database for 6 months, can opt out at any time, and will be contacted in 6 months' time to see if you can keep their data.
Here is a quick checklist of what you need to tell your customers when obtaining data:
- Who your company/organisation is
- Why your company/organisation will be using their information
- How long the data will be kept
- Who else might receive it, if anyone at all
- Let them know that they have a right to a copy of the data (right to access personal data)
- If they are unhappy with the use of their data, they have the right to lodge a complaint with a Data Protection Authority (DPA)
- Give them a right to opt in and opt out at any time
If you still want more info, visit: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations_en
Additional source: https://www.eugdpr.org/
Please note that this publication is intended to provide a general summary and should not be relied upon as a substitute for personal advice.