Digital Marketing is facing a serious challenge that must be addressed: The General Data Protection Regulation will take effect on 25th May 2018. Its requirements are extensive and detailed, and the penalties can be extreme. Not complying with GDPR 2018 can make you lose your hard-earned database and pay millions in fines.
We understand how complicated and overwhelming this may sound. That’s why we simplified it into Crab’s 10 step checklist for GDPR, to guide you and make sure you’ve got everything you need to comply.
For digital marketers, managing the growth of your database is a number one priority. If users don’t complete the mandatory consent process, their personal information will have to be deleted and you may lose upwards of 70% of your marketing database.
Now, how can you minimise the loss? We are here to help. We’ve developed an enquiry form that, once completed, will guide us to start the process with you.
Time to put your house in order: organise your data set and document what personal data you hold, where it came from and who you share it with.
You will need to be transparent and state all the ways you gather, use and manage a user’s data. Review your current privacy policies and put a plan in place for making any necessary changes in time.
Individual rights have been expanded, including the right to be forgotten (the erasure of personal data) and the right to access (access to your personal data).
Check your procedures to ensure they cover them all.
When a user asks to access his or her personal data, you will need to respond within 1 month. Plan how you will handle this request within the new timescales.
Verify individuals’ ages and obtain parental consent for any data processing activity.
Make sure you have the right procedures in place to detect a personal data breach. If there is a breach, you have a 72-hour notification period to report it after you’ve identified it.
Privacy by design means making privacy a key consideration in the early stages of any project, and then throughout its lifecycle, continuously minimising risks and building customer trust.
If your organisation operates in more than one EU member state, you should determine your lead data protection supervisory authority.
There are many reasons why you may hold personal data, and GDPR contemplates 6 clauses that apply depending on each case.
The two clauses we believe are relevant to marketeers are:
- Contractual obligations – If your customers buy a product from you, this only gives you the right to contact them about that purchase, i.e. order confirmation and despatch emails.
- Double opt-in consent – If you want to promote further products and services to them.
You will need to be able to prove double opt-in consent from all users and ensure you are only asking for strictly necessary information. The double opt-in process is much longer than the current process and will require some IT integration.
You have less than 4 months before the GDPR deadline.