Welcome to the Part 2 post about GDPR, the new privacy regulations that will impact marketers who reach the EU, effective 25 May 2018. Fines can be up to 4% of your gross revenue or 20 million Euros, so be prepared!
Part 1 discussed the regulations, the type of information impacted by the rules and how your organization might be affected. This post will give some ideas about how you can try to opt in the current EU names on your database, update online forms, and your website itself.
- Collect only data that you know you will use.
- Remove pre-checked boxes when people opt in/out of your brand’s secondary offers. People will have to opt in for additional offers.
- Consider a double opt in. There is when you send an email to the person who opts in, reconfirming that they really want to opt in.
- Make clear–by separating into distinct sections–the difference between accepting terms and conditions on your website and opting in/out of offers.
- Offer a list of specific areas of interest that recipients can choose to receive information about, allowing the recipient to check yes or no to each one. Again no pre-checked responses (See #2 in forms).
- Ask how people want to be reached: telemarketing, email, direct mail. This is not required, just a suggestion.
- Offer a way for people to change the frequency of receiving messages (which may eliminate some permanent opt outs) as well as a way to opt out of everything.
- Note that website cookies are also impacted by the regulations. Consider having a message about cookies pop up when someone comes your website. On a recent trip to Italy and France, cookies message popping up on virtually every website I visited.
If you want more detailed samples of some of these items, feel free to contact me.
The journey continues.
DISCLAIMER THAT I am not an attorney so this should not be construed as legal advice. This post is MY interpretation of what I have learned about GDPR so far, as a marketer who tries to stay on top of audience development and marketing issues. Any legal instructions should come from an attorney with knowledge of GDPR regulations.