The GDPR is here: Save your lists or lose them forever
It seems like only yesterday that the European Commission adopted the new General Data Protection Regulation (GDPR). But now it is here: On Friday, May 25, things get serious. Here are the most important actions you need to take.
Two years have passed since the Commission introduced the GDPR. Thousands of articles and suggestions have been published by hundreds of law firms across Europe and the globe. If you’re among those who have read them all—great!
But if you have been postponing your obligations under the GDPR—like we did, embarrassing, isn’t it—it is now high time to take the bull by the horns.
Let’s start with the most important thing, your marketing and communication with your clients. Below are our suggestions on how to keep in touch with your clients, business contacts and subscribers and be GDPR-compliant.
1. Audit your existing database
You have built your lists over months, years, perhaps even more than a decade: contacts with whom you want to stay in touch. Any time a contact is a natural person, you are processing personal data as per the GDPR.
For your activity to be in compliance with the GDPR, you need to review your database and determine the legal basis for the processing of any personal data. Using data for marketing is considered a legitimate interest for personal data processing under the GDPR, but sometimes you may need everyone’s express consent to be compliant. For example, consent to data processing is required if it is possible to subscribe to your newsletters through your website.
That consent must be freely given, and it can be withdrawn at any time. This means not only do you need to make it easy for people to give their consent, but you are now legally required to make it as easy as possible for them to take it away again, too.
2. Review your privacy policy. If you don’t have one, get one from your lawyer
All persons whose personal data you process need to know that you do so and what rights they have with regard to their personal data.
This information needs to be stipulated in your privacy policy. Under the GDPR, this must include information about the legal basis on which you process their data, and also the purpose. Beyond that, you also need to provide various other information, primarily information about the recipients of their personal data and information about the controller, and you need to determine the period of storage of the relevant personal data.
To round it all off, you are also obliged to inform them about their right to access the personal data you hold about them, and that they can require you to correct and delete the data as well.
3. Make sure your contacts can easily unsubscribe, and make sure your service providers are also GDPR-compliant
Any subscriber of yours needs to be able to opt out of the marketing material you send. The way they can do that has to be simple. To make sure that is the case, we strongly recommend that each newsletter you send out contains information about how and where the recipient can unsubscribe from your mailing list.
In case the tech behind your mailings isn’t in-house, you also need to make sure whatever provider you use is GDPR-compliant: you are ultimately responsible. If necessary, consider switching to another service.
These are the basic requirements of the GDPR.
Glikman Alvin have specialists in this type of legislation, including one who closely followed how the Commission developed this policy from the start. If you need any more information, please don’t hesitate to call us or drop us a line.