The General Data Protection Regulation (GDPR) is a European Union regulation to standardize and strengthen data protection policies for residents of EU member nations. This went into effect in May 2018 and it includes data collected via eMail and websites.
Google GDPR for the full text.
It is an 88 page PDF. I haven’t read it in its entirety but learned a few things that you should know.
There are 4 primary “rights” to data that you have to give residents of European Union. If you don’t grant those rights you will have to pay what some would call exorbitant fees.
Right of Access, Right to Rectification, Right to Erasure & Right to Data Portability.
This means EU residents must have the ability to view, change & even remove their data from business databases.
Who Needs to Care
This is for businesses in the EU and ANY other businesses that track their data. Do you have a website that European citizens might buy goods or services from? Are your lists double opt-in? Can residents access all of the data that you have on them?
Clean up your Databases
In preparation for the GDPR I’ve seen some companies clean up their eMail lists and seen a 95% drop of contacts. This could be financially devastating to businesses that use eMail marketing to generate income.
How Big are the Fines?
If you do business in Europe you might want to sit down for this…
If a firm infringes on multiple provisions of the GDPR, it shall be fined according to the gravest infringement, as opposed to being separately penalized for each provision.
The fine is 2% of the worldwide annual revenue of the prior fiscal year or 4% at the high level. The cost of doing business in the European Union just got potentially astronomical.
What about the data you have collected in the past?
Sorry, no good news here either. All of the data that you have collected in the past is not grandfathered in. Your valuable data might now be a tremendous liability. I suspect many 3rd party options will become available to help businesses reduce risks.
Is this the end of SPAM?
That would be awesome, but not at all likely. Spammers will continue to spam, this is just to regulate data protecting legitimate business and to make a ton of money for regulators. The upside could be that business will take better care of our data.