If you're anything like me, lately you have been inundated with marketing newsletter emails. They're coming from companies all around the globe -- some you have barely heard from in years -- all asking you to do one thing: agree to keep receiving their emails. While you might initially have thought marketing trends had all gone a bit samey, these emails are really the most visible attempts to alert you to the upcoming General Data Protection Regulations (GDPR for short) coming to the European Union.
On May 25, 2018, GDPR takes effect, and if your company is outside the EU, you may wonder what any of this has to do with you. In case you haven't noticed, the internet is a "world-wide web" by design. Even if your business is only in the U.S., you may accidentally cause a GDPR infraction without realizing it.
Here's a quick test:
- Do you have a branch, subsidiary or any representative in the EU?
- Do you offer any goods or services to persons located in the EU?
- Do you monitor the online behavior of persons located in the EU?
While these may seem like simple yes-or-no questions, most businesses do not know for certain whether or not their users are located in the EU based on the data they are currently collecting. And now, under GDPR, if the user is located in the EU, you cannot collect or keep data on users unless they've already opted in specifically for that purpose.
It's a catch-22.
So, the best bet for companies that already have data is to ask for permission to keep hold of it -- which is what all those newsletter signup requests are for. In the meantime, subscriber rates are falling precipitously. According to research by w8Data, companies can expect to lose 75 percent of their mailing lists. On the plus side, that means that the people who opt in are truly engaged customers.
And for small businesses, there's even more bad news. Specific regulations with regard to email tracking can cause huge fines, up to $25 million for each infraction, which would put most entrepreneurs out of business.
As a small business, what should you worry about?
1. Lead Prospecting
GDPR makes it clear that direct sales is a legitimate reason to collect personal data -- however, it also spells out that you must have a reasonable explanation for why this particular user wants to be hearing from you. In other words, unless they specifically opted in to your mailing list or you have a previous relationship with them via LinkedIn, Facebook, etc., you can no longer send a cold email without risk of being fined.
2. Email Tracking
Oh, email tracking pixels, how we loved you. They were able to tell us that someone had our email and opened it, opened it again, then opened it while they were on the subway. And then from their Chromebook. And then, randomly, from Nigeria.
Alas, this is no more, as GDPR has an entire "Working Party" about the wrongness of email tracking without the other user's knowledge.
I'm sure Mixmax, Bananatag, Streak and other email tracking providers will soon be updating their services with some creative solution, lest their subscribers risk those avoidable GDPR infractions.
3. Group Texts
In one of the most unexpected privacy infractions of GDPR, sending group texts or mass invites can land you in hot water as well. In WhatsApp, for example, your phone number is automatically revealed and remains even if you remove yourself from the group. If Facebook, Telegram or other message groups are currently part of your business, they may not be much longer.
4. Mailing Lists
As mentioned above, mailing lists are perhaps the quickest and easiest to prepare for. All you need to do is to re-opt-in every member on each of your mailing lists -- it's easiest if you just have them join new ones. After May 25, you'll have up to 60 days to delete all the information you're keeping on people who haven't signed back up, as you'll only be able to retain data that has a fully documented permission trail after that date.
Don't panic -- there are plenty of checklists, tools, and information available online to help you navigate the upcoming changes. As long as you take appropriate steps to safeguard your customers' privacy, you should have smooth sailing.