The year we have all been waiting for has arrived. 2018. Where the marketing laws change as we know it. There have been so many releases and updates to the GDPR policy so how do we know what’s right, what’s not and what’s most accurate? Let’s take a look at the latest things we know, at CommuniGator, are going to keep you safe from GDPR harm.
Legitimate Interest
The Data Protection Act recognises that you may have legitimate reasons for processing personal data. Allowing you to contact leads and prospects that you can prove will benefit from your products and services, based on your ideal buyer persona.
Legitimate interest is the ability for your company and marketing to prove the reasoning behind you emailing your database with relevant content to their industry and job title, without necessarily having the double opt-in consent to do so.
Download our Persona Builder Template to get you started with Legitimate Interest.
The Right to be Forgotten
The right to be erased (RTE) or the right to be forgotten (RTF) relates to the holding of personal data. As a data controller or processor, you need to offer the ability for individuals to request deletion or removal of their personal data where there is no reason for its continued processing.
This can happen in a number of different circumstances; when the individual withdraws consent, when the personal data is no longer necessary to the purpose it was originally collected, the personal data was unlawfully processed in the first place, and so on. It is your responsibility as an email marketer to ensure you comply with the right to be forgotten.
Subject Access Request
Created by section 7 of the Data Protection Act, subject access means individuals can request a copy of the information organisations hold about them. This includes whether any personal data is being processed, a complete description of the personal data, the reasons behind it being processed, whether it will be passed on to any other organisations, the source of the data and any information compromising the data.
Again, as an email marketer it will become paramount you have the ability to comply with these requests.
Email Consent and Permissions
Stepping a little away from GDPR and into the realms of PECR, EU Privacy and Electronic Communications Regulation (which becomes effective in 2019), means your most prominent, but not exclusive, obligations are to demonstrate the lawfully processing of the data you control. This means, among other things, that, as a data processor, you must be able to justify the sending of marketing emails by reference to one of the “lawful processing conditions”. Processing shall be lawful only if and to the extent that, at least one of the 6 reasons of GDPR applies. Of these 6 reasons, legitimate interest is one of the options you can process under.
If you’d prefer to work with a double opt-in database, take a look at our step-by-step guide to getting your contacts double opted-in.
Who’s to blame?
As the lines are so blurred when it comes to GDPR it can be tricky to know who is responsible and who is to blame. It’s easy to assume that if you are using external suppliers then you’re off the hook. However, that isn’t the case, unfortunately. Preparing systems and processes ahead of the GDPR implementation is not a small task. Everyone within your business needs to be aware of the legislation changes, including your decision makers and your customers. GDPR makes a change in the responsibility of data controller and data processor.
Under the new regulations, the data processors have the added responsibility of better protecting the data they are processing. As well as the data controllers. So, whichever you are, you need to be GDPR compliant.
There are a few steps, as a data processor, to take to ensure you are ready for the GDPR take-over:
1. Analyse and document the types of personal data your business holds
2. Check your procedures and statements to ensure you cover your individual’s rights
3. Identify and understand the lawful basis of processing data
4. Review your consent procedures
5. Implement procedures to detect, report and investigate personal data breaches.
At CommuniGator we have you covered. As both data controllers and processors ourselves we have an invested interest in the GDPR changes and how we can still be successful after the implementation of the changes. As well as our customers. Take a look at our GDPR resource section to ensure you are as prepared as we are.[/vc_column_text][/vc_column][/vc_row]