There’s a recent and very important marketing update you should know about for your small-medium business or nonprofit organization. It will require action.
General Data Protection Regulation (GDPR)
The GDPR is the newest European Union data privacy legislation that went into effect on May 25, 2018.
According to CNET:
“The regulation expands the scope of what companies must consider personal data, and it requires them to closely track the data they’ve stored on EU residents. If someone in the EU wants a company to delete his or her data, send copies of the data, or correct an error in the data, companies have to comply.”
If you’re not located in the European Union (EU), should you care?
“Recognizing that data can travel well beyond the borders of the EU, GDPR provides protection to EU citizens no matter where their data travels. This means that any company, anywhere, that has a database that includes EU citizens is bound by its rules. Businesses of all sizes are affected — from micro to multinational. No one is exempt.” (MarTech Today)
Now, you may think this doesn’t apply to your biz/org because it’s small and/or doesn’t have European customers. But, surprise! The new law applies to you, too.
“The GDPR doesn’t apply only to big companies. Small businesses, nonprofit groups, research firms and solo entrepreneurs — wherever they are located — are also subject to these rules. All that needs to be proved is that the company sells or collects data from E.U. individuals.” (Washington Post)
Bottom line… the GDPR applies to any organization that collects, processes, manages, or stores European citizens’ data. So, if you use online or offline services that collect, process, manage, or store data, you must comply!
If you think this doesn’t apply to you because you don’t collect data, you’re not off the hook. Chances are your website or blog uses third-party services that collect data or cookies.
“A cookie is information saved by your web browser. When you visit a website, the site may place a cookie on your web browser so it can recognize your device in the future. If you return to that site later on, it can read that cookie to remember you from your last visit and keep track of you over time.” (U.S. Federal Trade Commission)
Types of Cookies:
- Session or transient cookies are erased when users close their Web browsers.
- Persistent or permanent cookies are stored on users’ hard drives until they expire or users delete them.
- First-party cookies are created by websites and stored on the user’s computer. All web browsers permit these types of cookies.
- Third-party cookies are placed by websites to track and analyze visitors.
Some common third-party cookie examples:
- Online ads such as Google AdWords
- Analytics such as Google Analytics
- Embedded videos
- Social media
What happens if you don’t comply?
For EU organizations or those with locations or customers in Europe, there are stiff penalties for noncompliance. But, for non-EU countries, it’s difficult to know what will happen.
Large companies are at greater risk than small-medium businesses and nonprofit organizations. But, that doesn’t mean you should sit back and relax either.
You have a choice. You can choose to block EU users and forget about it. In fact, many U.S. startups and companies have already done that. Or, you can make some changes to comply with the new law.
Here are some sites with GDPR advice:
Here’s what I’ve recently done to comply:
- I downloaded a free WordPress plugin called GDPR Cookie Consent. (There are others available.)
- I added GDPR-compliant fields to my signup forms.
- I cleaned up my email lists.
These are quite easy to implement. Of course, if your biz/org has employees or EU customers, there’s more you should do to comply.
One thing you want to do is assure your customers, prospects, and web visitors that your biz/org is trustworthy. This is an essential part of its brand reputation.
If you come across helpful GDPR information, especially as it relates to marketing, please share in the comments section below.