In May 2018 the new EU data privacy act called the General Data Privacy Regulation (GDPR) is coming into force. The purpose of the legislation is to have an impact on how organisations obtain, store, manage or process personal data of EU citizens. In this post, we will provide some fundamental information and links to sources talking about the GDPR and its consequences that we have found useful, and hopefully you will too. (Note that this post is not to be considered legal advice.)
First of all, the new law refers to all EU citizens. That means that it applies regardless if you’re operating in a B2C or B2B environment. The new regulation will replace the 1995 data protection directive—which came into force in a world that was just starting to become ‘onlinified’—and has been interpreted differently by different countries. GDPR wants to take into account what has happened since; that we are living in an environment where you leave digital footprints whenever you access a destination online from any device. And the fact that this data is then being used to track behaviours and—in the best of worlds—improve services.
There are two main points that have caused eyebrows to be raised.
First of all, the new regulations apply regardless of where your business is based. So if you are situated outside of the EU, but you collect data of EU citizens, GDPR will still apply.
Secondly, the maximum penalty for being in violation of GDPR regulations are stipulated to be up to €20 million or 4% of the company’s global annual revenue (whichever is greater).
Essentially, GDPR is likely to hasten the demise of tactics like buying email lists, cold emailing and spam. And the principles of inbound—to provide guiding content to opted-in contacts that want and value the information—is likely to get a boost.
Recently, HubSpot wrote an excellent blog article highlighting the GDPR principles you should consider at the various stages of the inbound marketing methodology which contained the following graphic:
As you can see, eight distinct principles apply throughout the inbound journey. HubSpot’s blog post describes these in more detail (with examples), but the key points are:
The short answer is yes, but we don’t yet know exactly which changes and what they will entail. Our best guess is that improvements will be around GDPR consent in forms, localised double opt-in, support for efficiently deleting data and communicating deletion.
If you want to know more, here are further GDPR resources in addition to above mentioned blog post by HubSpot that are worth taking a look at:
There are also some resources in Swedish:
GDPR is easily mistaken for a technical challenge that requires only a technical answer (e.g. ‘we need to use double opt-in’), but we hope above gives a broader understanding of GDPR and the process and policy implications.
If you want to know more about how Zooma deals with GDPR, then feel free to get in touch with us.