On May 25, a new personal data privacy regulation goes into effect in the European Union (EU). The General Data Protection Regulation (GDPR) will change the way companies and websites can gather data from individuals and introduce fines of more than $20,000 for companies that fail to comply with the new regulations.
At this point, you only need to take action on these regulations if you’re targeting users in the European Union. If you only have email addresses or ads running to users in the United States, you’re in the clear for now. But it would be wise to pay attention to these laws, as they could very well be a sign of what’s to come in more countries as online privacy concerns continue to escalate.
The GDPR regulations will focus primarily on email addresses, but there are a fair number of cases where this regulation can cross over into social media marketing. For example, if you collect email addresses through social media campaigns (lead generation), you’ll need to make sure any campaigns targeting users in the EU are GDPR-compliant.
You’ll also need to give these users the ability to “be forgotten.” Basically, that means that EU users now have the right to access all the data you have collected on them and to ask you to delete their data if and when they’d like it to be deleted.
Third, you’ll need to be careful that you’re not asking users for data that’s not relevant to your business need. If you sell shoes but ask users what their political affiliation is on a lead generation form, you’ll be in violation of GDPR. If your website opt-in forms have been asking for a generous amount of information from your users, you’ll need to see what’s the most relevant and decide if the additional data is really necessary for you to collect.
These are pretty massive shifts, but it seems as though users in the EU are excited to feel like they’re in control of their personal data more than they have been in the past. It remains to be seen if users in the United States will be given these same protections anytime soon, but given the uproar the Facebook/Cambridge Analytica data breach caused in the U.S., it would be wise to keep an eye on these regulations and be ahead of the curve.
Is your business affected by the GDPR implementation? What steps are you taking to make sure you’re compliant? If you’re a U.S.-based business that doesn’t have to comply at this point, will you make changes proactively to be ready, or just to be more conscientious about the data you collect on your customers?