GDPR
If your company targets the European market, you’d better be GDPR compliant. Otherwise, you’re likely breaking the law. Failing to comply with the General Data Protection Regulation (GDPR) results in charges, fines, and a damaged brand reputation. And given how easy it is to stay GDPR compliant, there’s no reason you shouldn’t follow the regulations. In this article, we cover everything you need to know about GDPR email marketing to help you write GDPR-friendly emails and avoid fines. What Is GDPR? GDPR is a set of security and privacy laws in the European Union (EU) that regulate how data should be collected and processed. How does it help? The GDPR protects individuals from: unnecessary data collection, wrongful use of personal data, personal data breach, and biased algorithmic decision making. The data protection rules increase transparency and accountability between businesses and their customers, giving users a better understanding of what their personal data is used
Previously I’ve talked about the affirmative consent standard found in the US federal anti-spam law (CAN-SPAM). I’ve found it a very useful test when trying to understand if a process is appropriately opt-in or not. Wondering if GDPR has something similar? It does. For various reasons, the UK and the EU have slightly differing versions of GDPR, but the UK’s Information Commissioner’s Office provides us with a pretty good guide for email marketing permission standards, and I think it’s a good starting point to learn about opt-in requirements EU-wide. The ICO explains that “Consent requests need to be prominent, concise, easy to understand and separate from any other information such as general terms and conditions.” Opt-in is key — see “What methods can we use to obtain consent?” for more details. No pre-checked box, not hidden in terms and conditions, and make it easy to understand. The handy website GDPR.eu, put together by Proton AG
More than ever, people seem to care an awful lot about protecting the privacy of their personal data. Does that mean the days of blindly checking the “Agree” box for terms and conditions are over? Will consumers start poring over the privacy policies of every website they do business with? Honestly, probably not. But prioritizing personal data protection is a trend that’s turned into a movement with no signs of slowing down. At the same time, consumers are expressing a desire for more personalized experiences from brands. And marketers are more than willing to use personal data to make that happen. A highly personalized brand experience requires personal data. So, where do these two lines cross? How can marketers use the power of personalization to build unique and engaging emails for subscribers while being vigilant about data privacy at the same time?
What’s meant by privacy policy? Why must each website have information that clearly illustrates how user data are collected, used, and managed? What are the penalties in case of failure to comply with the GDPR? Blog and website managers are becoming obsessed with GDPR compliance and the need to draft their own privacy policy. Now, why is it necessary to draft a document that clearly illustrates how data are collected and managed? Above all, what must it contain? Users happen to leave their personal data like names, surnames, and addresses on the Internet, along with many other pieces of information that identify them and track their web behavior. In recent years, the legislator has paid particular attention to behavioral data collection for profiling purposes by websites. Hence, their use is now allowed only after the user’s informed consent. The European Parliament has regulated the matter with the General Data Protection…
These days, browsing the internet feels a lot like wading through quicksand. Almost all web applications first ask users for consent on an unmanageable amount of usage scenarios. The reason behind this: the honorable intention of global politics – and the European Union in particular – to return data sovereignty to users after decades of unnoticed data collection by countless service providers. In 2018, the European Union enacted new legislation to protect its citizens’ personal data, potentially affecting every consumer brand worldwide: the General Data Protection Regulation (GDPR). Unlike its predecessor, Directive 95/46/EG, which had to be transposed into national law by EU member states, the GDPR has been directly applicable in all EU member states since May 25, 2018. Why does the GDPR implicate cookie policies? The GDPR was created to enshrine Article 8 of the European Charter of Human Rights, which aims to regulate personal data stored or used by a…
Google Analytics does not process personal data because IP addresses are anonymized

During the legal management of third party analytical cookies (e.g. Google Analytics), you may have been reassured by IT personnel that the “masking” of IP addresses is applied, and therefore personal data is anonymized, enabling you to activate these cookies by default, without the user’s prior consent. In reality, when a site uses third party cookies, it is not enough to mask the IP (or adopt other tools that reduce the power of identification of the cookies): it is also necessary to enter into an agreement with the third party (e.g. Google) through which the latter contractually undertakes to use cookies exclusively for the provision of the service, and not to cross-reference the information contained in them with that which is already at its disposal. If the third party is Google, you can find the appropriate data processing terms…
Data processed for profiling and marketing purposes must be deleted after 12 and 24 months respectively

Among colleagues in our industry, there is a deeply rooted conviction that personal data processed for profiling and marketing purposes must be peremptorily erased 12 and 24 months after their registration, respectively. This conviction has its roots in the Italian Data Protection Authority’s “Loyalty Cards Measure” of 2005: a measure that is still considered current, aimed at regulating certain aspects (including data retention times) related to the processing in the context of “loyalty” cards or cards that create a lasting relationship with customers for purchases and service provision. However, the above measure does not appear to be susceptible to application by analogy. Yet, many companies have understood these terms as mandatory for any processing carried out for marketing and profiling purposes, even outside the scope of “loyalty programs”. This is probably due to the…