Did You Know GDPR Compliance Affects Your Data Collection for European and Some Non-European Residents?
GDPR is a new comprehensive data protection law in the EU that updates existing laws to strengthen the protection of personal data. It came into force May 25, 2018.
Many of our US clients are shocked that they need to worry about GDPR compliance. The impact is especially felt by the marketing department who uses marketing automation or sales automation software to manage prospect or client data. The territorial scope of the GDPR applies to companies operating in the EU and also to non-EU businesses who:
- a) market their products to residents of the EU, or who
- b) monitor the behavior of residents of the EU.
In other words, even if you’re based outside of the EU, but you control or process the data of EU residents, the GDPR will apply to you.
Many marketers also don’t know what countries are part of the countries and territories covered by GDPR compliance. Read on for a list.
What European Countries are Part of GDPR?
GDPR covers all of the European Union Member States, which includes: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.
The United Kingdom is still part of the EU and thus governed by GDPR. This includes: Channel Isles, England, Northern Ireland, Scotland, and Wales.
GDPR also includes European Economic Area Countries, such as Iceland, Lichtenstein, and Norway.
What Non-European Countries are Part of GDPR?
There are dependent territories/countries that are technically in the EU though not in Europe that are governed by GDPR, these include: Azores, Canary Islands, Guadeloupe, French Guiana, Madeira, Martinique, Mayotte, Reunion, and Saint Martin.
The European Union is a Fluid Entity
You need to keep up on the news and be aware of countries exiting and entering the EU and who are governed by GDPR. For instance, the United Kingdom has plans to leave (Brexit). Italy and Greece are making noises about leaving. Potential Member States trying to enter are Albania, Bosnia & Herzegovina, Kosovo, Macedonia, Montenegro, Serbia, and Turkey.
What Does the GDPR have to do with US Marketers?
Chances are, even if you’re a US company, you have European Union residents in your database. I discussed this with a small regional bank client recently. The marketing manager thinks of her company as being local. But after thinking about it more, she suddenly realized they have foreign investors applying for mortgages, opening bank accounts, etc. This put her in a panic, knowing she needs to get her data collection, website and company policies aligned with GDPR compliance.
Many US companies have been collecting email addresses for years through lead generation programs and eNewsletter subscriptions, without collecting the country of residence for the subscribers. If this is your situation, you need to get compliant or stop emailing your list.
If you need help with updating your marketing automation platform for GDPR compliance, we can help. We help clients manage their campaigns on several marketing automation platforms, such as Marketo, Salesforce Marketing Cloud (Pardot and ExactTarget), Hubspot, and IBM Marketing Cloud (Silverpop). Contact us!