**PLEASE NOTE**
This article has been written for illustrative purposes only and has no legal value. It merely represents information compiled by LeadFox pertaining to the General Data Protection Regulation (GDPR). We recommend that you consult with a professional in order to ensure that your practices are compliant with the applicable legal provisions. Find the complete text here.
How is LeadFox preparing for the GDPR?
How is LeadFox helping you prepare for the GDPR?
How can you prepare for the GDPR?
Starting May 25th, 2018, businesses will need to comply with the new provisions set out in the General Data Protection Regulation. More commonly referred to as the GDPR, the purpose of this regulation is to establish “rules for the protection of individuals and the processing of their personal data, as well as the regulation of the free movement of that data.”
The aforementioned personal data is described as “any information relating to a given individual [...] who can be directly or indirectly identified via an identifier, such as a name, an ID number, location data, an online username, or one or more specific elements that are unique to the individual’s identity [...].”
Come again? How about a more in-depth look?
There are three very simple underlying objectives to this text, which all aim to bring structure to the practices of businesses that collect, store, transfer, and use the data of European citizens within the context of their business activities. First of all, this legislation aims to unify the various European regulations that govern personal data protection. The development of the Regulation was therefore inspired by the various regional regulations already in place and the best elements were then consolidated into a single piece of legislation. Secondly, it aims to offer European citizens greater control over the use of their data.
This constitutes a major step forward in comparison to previous provisions, and it aims to prevent unpleasant incidents like the one that has caused quite a stir in the headlines in the past few weeks. Lastly, the European Parliament hopes to hold businesses accountable for the processing of personal data.
Is it too good to be true?
However, businesses that do not comply with these provisions will incur severe penalties that are “proportionate to the offense and will serve as a deterrent.” Those fines can be set at 4% of the business’s revenue, or up to €20,000,000. DPAs (Data Protection Authorities), tasked with enforcing the various laws currently in place, are now responsible for ensuring GDPR compliance. For the time being, certain aspects, such as the complaints process, the scope of application, and the magnitude of fines and their underlying principle of proportionality, remain hazy. Nevertheless, the European Parliament’s objective is to send a very clear message: hefty financial constraints can be imposed upon those who attempt to circumvent the rules!
But don’t worry. A two-year grace period shall be instituted in order to allow businesses to comply with all provisions. What is the sole condition for receiving said grace period? You must demonstrate that adequate efforts are being made and that your business is actively trying to comply with those provisions.
The scope of this regulation is not limited by your geographical location. Canadian businesses: you may also be affected if you meet any of the following criteria, even if your business doesn’t have a single European client.
What does this look like in practice? For example, if some of your marketing initiatives include asking internet users to fill out a form so as to gain access to your services or content, you must comply with these rules. After all, the Internet has no borders and you cannot control where your web traffic originates from, nor exclude visitors living in certain geographical locations!
Implemented in 1995, the Data Protection Directive constitutes the set of rules governing the use of personal data. Needless to say, this legislation, developed before the arrival of cloud storage, CRMs, and online advertisements based on visitor behavior, is now...very much obsolete.
The benefit marketers have reaped up until now: these directives were so ill-adapted to present-day reality that they left room for considerable leeway in the performance of various marketing practices. In order to reflect present-day trends, the GDPR outlines three key changes.
The GDPR outlines the processes of collecting, storing, using, and transferring personal information. These new directives guarantee that European citizens will be able to:
The GDPR completely revises the notion of consent generally used by marketers.
Automatic registration, where the visitor is responsible for their own removal from mailing lists, and similarly, the passive opt-in approach comprising a pre-checked box, will be deemed fraudulent. The opt-in method will therefore be the only measure recognized in the context of obtaining an individual’s consent for the collection and use of their personal data. The guidelines governing data collection and the use of that data must be stated clearly and without ambiguity. The citizen must be able to easily withdraw their consent at any time.
The GDPR provides a set of directives on the transparent collection, storage, use, and transfer of data acquired in the context of your business’s activities. Your business practices must therefore align with this perspective, particularly with regard to ensuring that archived personal data is adequately protected against malicious use or theft. In order to ensure compliance, you can add an easy-to-access Terms and Conditions section to your website which clearly describes the various uses of the data you collect.
This directive affects many of your daily marketing activities.
In the context of your email marketing campaigns, be sure to add a few elements to your templates, such as an opt-in field during the initial interaction, or even an ‘unsubscribe’ link with every email communication. You must also be sure to maintain proof of consent for each contact in a readable format.
Even after the implementation of the GDPR, it will still be possible to employ automated marketing strategies, such as deploying forms and email marketing campaigns, retargeting, and profiling. Nevertheless, visitors to your website must be able to withdraw their consent at any time. The purposes of data collection and use thereof must also be outlined in the Terms and Conditions section of your website.
In order to comply with the provisions stipulated in the GDPR, marketing initiatives must meet several criteria. In particular, they must outline the specific reasons for data collection and define the context in which that information is to be used. Providing easy access to your website’s privacy policy and terms and conditions for all visitors is imperative.
When should I use the famous opt-in – a.k.a. checkbox? The opt-in checkbox is a highly recommended element for each of your forms. According to some marketers, this regulation forces organizations to implement a double opt-in process: an initial checkbox at the time of subscription, followed by an email asking the subscriber to confirm their subscription.
Even though this approach brings with it certain advantages – leads are typically better qualified and more engaged later on – nothing in the text of the regulation actually requires your business to implement such an approach.
The Internet is brimming with examples of companies that have already implemented good marketing practices in compliance with the directives set out in the GDPR. Here’s one, but don’t let it keep you from doing your own research (into your competitors’ practices, for example) in order to create content that reflects your industry and brand image.
Obviously, LeadFox will be compliant as soon as the GDPR goes into effect on May 25th, 2018. Here is a summary of the rights that LeadFox will address:
The GDPR outlines the processes of collecting, storing, using, and transferring personal information. These new directives guarantee that European citizens will be able to:
By May 25th, 2018, LeadFox will have completed 3 important actions intended to reinforce consent among its users:
In order to be completely transparent regarding the use of data, we have updated our terms of use and privacy policy. They describe what our email and marketing automation practices involve. You can view them by clicking here.
And finally, in order to maximize your data security, we have appointed an internal DPO (Data Protection Officer). The DPO will ensure that we are following the best global practices when it comes to our data management.
In addition to committing to GDPR compliance, LeadFox is implementing several measures and tools designed to help you prepare for these new changes. Here are our suggestions:
It is worth noting that if one of your contacts sends us a valid request to access or edit their data, we will respond to their request. However, we will of course inform you of the situation.
LeadFox includes all of the necessary tools for GDPR compliance. With LeadFox, you’ll be able to easily:
LeadFox stands out from the competition thanks to the quality of its dual-language marketing content. Our comprehensive section on the GDPR is no exception to the rule.
Below are links to LeadFox’s key GDPR documents:
And finally, you can contact us at any time to get tips on how you and your business can comply with the GDPR. Of course, a legal opinion is the only way to guarantee full compliance with all of the specificities of the law.
“Do you have access to data pertaining to me?”
“What is the content of that data?”
“Can I access the data collected about me?”
“Please destroy all of my stored personal data.”
“What measures have been implemented to guarantee the security of my personal information?”
With the implementation of the GDPR, your business should be able to provide all of the above information in a reasonable period of time. Do you know where to find all of that information? Before you start questioning your current practices, you should instead evaluate them in relation to the new obligations you must abide by. Start with the inventory of data you collect and how you process it. Here are a few things to consider:
The GDPR applies not only to new information you acquire after May 25th, but also to the email addresses currently in your database. You must therefore ensure that all of your contacts have consented to continuing the dialog you have entered into prior to that deadline. Yes, that unfortunately means that you must communicate with all of your contacts and have them confirm their subscription to your mailing lists. In so doing, you can remove dormant leads, contacts who no longer have sales potential, and individuals who no longer wish to maintain a line of communication with your company.
Then be sure to monitor the various elements that will allow you to quickly adapt to those new provisions. In this respect, you should also add an opt-in confirmation field to your forms immediately, as well as consolidate all instances of proof of consent into one single, easy-to-access document. You should also get used to deleting and editing your contacts. And finally, you should validate the technical process you use to export the data you’ve acquired. In brief, up until May 25th, 2018, we recommend that you be prepared to:
We recommend that you download our GDPR checklist so you can be sure to cover all of the main points. Click here to download the checklist for free:
Do you have any questions about the GDPR and LeadFox? Send us an email at RGPD@leadfox.io. View our comprehensive section on the GDPR here.