By now, marketers should know that the General Data Protection Regulation (GDPR) went into effect on May 25, 2018. A common belief is that double opt-in methods for email marketing solves the regulation’s requirement for gaining consent to collect and/or process a person's (or, data subject’s) data—but it doesn’t. Why? Let’s break it down.
Not quite ready for the General Data Protection Regulation? You're certainly not alone! Thorough preparation for all aspects of the GDPR is the only way to truly ensure readiness. In the meantime, we’ve put together this GDPR Consent Management Survival Guide Infographic to help you get through May 25 and beyond.
The GDPR provides a “legitimate interest” exception to the use personal data. This exception allows companies to use personal data without obtaining consent from the data subject. Although this exception has gained traction lately, the idea of an organizations’ legitimate interest is processing personal data is not a new one. The exception first appeared in Article 7 of the Directive 95/46/EC, which the GDPR replaced. The exception is cited in Article 6 (f) which states:
The GDPR and the fact that it gives data subjects the right to be forgotten has become a hurdle for marketers. To make things a little more interesting, it is not an absolute right and there are circumstances where a request to be forgotten can be denied—it’s called legitimate interest.
As the GDPR transforms from a distant vision to a fast approaching reality it is easy to get swamped in preparation and neglect some of the details of the GDPR. There is so much that the GDPR is that we find it necessary to point out what it is not.
We’re one month away from the GDPR (technically 5 weeks and 1 day), and businesses are are wrangling their teams together to get processes and compliance in place. In our latest webinar hosted by Kyle Robbins, JD, Legal Solutions & Privacy at PactSafe, we discuss what we know about May 25’s GDPR, as well as:
We're excited to announce that we've launched a consent management solution for end-to-end tracking and management of opt-ins and opt-outs of data privacy statements and policies; a critical step towards compliance under the European Union’s General Data Protection Regulation (GDPR).