By now, marketers should know that the General Data Protection Regulation (GDPR) went into effect on May 25, 2018. A common belief is that double opt-in methods for email marketing solve the regulation’s requirement for gaining consent to collect and/or process a person's (or data subject’s) data—but they don’t. Why? Let’s break it down.
The General Data Protection Regulation (GDPR) has been enforceable for several weeks now. Leading up to its May 25 deadline, many marketers were (and still are) evaluating their consent capture and tracking methods, ensuring they were up to par with this new regulation. Where many fall short of compliance is in relying on double opt-in methods. Let us first state this: The information a double opt-in collects on its own is not enough to prove consent. When a user opts in to your company’s newsletter by filling out a form, the link to complete the sign-up in the confirmation email does not provide the information needed to prove consent under the GDPR.
Not quite ready for the General Data Protection Regulation? You're certainly not alone! Thorough preparation for all aspects of the GDPR is the only way to truly ensure readiness. In the meantime, we’ve put together this GDPR Consent Management Survival Guide Infographic to help you get through May 25 and beyond.
The GDPR provides a “legitimate interest” exception to the use of personal data. This exception allows companies to use personal data without obtaining consent from the data subject. Although this exception has gained traction lately, the idea of an organization’s legitimate interest in processing personal data is not a new one. The exception first appeared in Article 7 of the Directive 95/46/EC, which the GDPR replaced. The exception is cited in Article 6 (f) which states:
The GDPR, and the fact that it gives data subjects the right to be forgotten, has become a hurdle for marketers. To make things a little more interesting, it is not an absolute right and there are circumstances where a request to be forgotten can be denied—it’s called legitimate interest.
As the GDPR transforms from a distant vision to a fast-approaching reality, it is easy to get swamped in preparation and neglect some of the details of the GDPR. The GDPR is so many things that we find it necessary to point out what it is not.
We’re one month away from the GDPR (technically 5 weeks and 1 day), and businesses are wrangling their teams together to get processes and compliance in place. In our latest webinar hosted by Kyle Robbins, JD, Legal Solutions & Privacy at PactSafe, we discuss what we know about May 25’s GDPR, as well as:
In addition to requiring businesses to clearly state to data subjects how their personal data will be used, Article 7 of the General Data Protection Regulation will require them to gain consent to process their data, and provide an easy way for data subjects to update their preferences or revoke consent entirely. Illegally processing personal data can come with heavy fines - upwards of €20 million or 4% of your company's annual global turnover.
PactSafe COO Eric Prugh and G2 Crowd CMO Ryan Bonnici hosted a webinar on the impact the General Data Protection Regulation (GDPR) will have on marketing. On May 25, 2018, the GDPR will become enforceable. It will require businesses to clearly state to users how their information will be used, gain consent to use their data, as well as provide easy access for users to update how their information is being used—or revoke consent entirely.
In our GDPR series, we’ve broken down how May’s GDPR will affect marketers, identifying how the use of chatbots will change, as well as why double opt-in isn’t the end-all-be-all for compliance. When the GDPR comes into effect on May 25, 2018, marketers will need to be prepared to prove consent for capturing and using user data across all of their marketing channels. Not only that, but businesses will be required to provide the option for users to revoke consent (and track it, too).