As a digital marketer, we expect you know all about the General Data Protection Regulation, better known as GDPR, but here are a few links to helpful resources and a very brief reminder of what it means to you as an Emarsys customer.
The most important things for you to know as an Emarsys customer
First and foremost, remember that GDPR affects you and your customer data.
If you are in breach of these regulations, any resulting legislation will affect you, not Emarsys.
As your partner in digital marketing, we provide all the tools, means and advice you need to stay compliant, but it's up to you to use them properly.
We can protect the data you hold on your customers, through data security best practices and ISO compliance, but it is still up to you to collect and use that data in the right way.
In other words, we advise, encourage and enable you to be GDPR compliant, but it is your responsibility to take the necessary steps.
We feel this point is important enough to make it twice, and in a different color.
Emarsys is not a law firm specializing in data security legislation. We want to help you to understand this legislation but we are not offering legal advice. You should always refer to a qualified legal source when it comes to checking whether or not you are compliant in any given situation.
What exactly is GDPR?
What are the most important points in a nutshell?
GDPR concentrates on the following:
Consent - Now more than ever, you have to be 100% sure that your contacts have given you explicit permission to collect and use their data. Not only that, you have to be able to demonstrate that now and in the future.
This should always have been the case (if you have been a good marketer), but now many of the loopholes and grey areas have been tightened and cleared up.
- Access to data - Customers have always had a theoretical right to know what data you hold on them, but in the past it has been hard to make companies comply. Now this right is more robust, with more stringent rules applied to costs and a lowered, 30-day maximum timeframe.
- The right to be forgotten - Customers can demand that you delete all the data you hold on them.
- Data portability - Customers can request that you provide their data in an easily accessible format.
- Child protection - Under 16 years, children require parental consent. That is, they cannot subscribe themselves.
It also acknowledges that the Internet has made the location of your HQ all but irrelevant. You still need to comply if you offer goods or services to EU data subjects, or monitor their online activities.
And in addition to this, enforcement is stricter, and the penalties are larger.
In short, GDPR puts the law firmly on the side of the individual when it comes to collecting and using their data. And it makes it much, much more painful for the companies who fall foul of it, with the maximum fine now €20 million.
Where can I find the full text?
If you would like to see the full text of this law, you can find the official EU website here:
There are also some more general pages on data protection:
What steps should I have taken in preparation?
If you are not absolutely sure that you have prepared yourself, read this article:
How does this affect my marketing campaigns?
Your first actions should be to ensure that your contact database is clean and contains only engaged contacts who have given explicit permission for you to engage with them. This is a great way to clean up your lists and get rid of the long-inactive contacts. It's not as if they are contributing to your business...
Here are some ideas for you to consider: