GDPR is a new comprehensive data protection law in the EU that updates existing laws to strengthen the protection of personal data. It came into force May 25, 2018.

Many of our US clients are shocked that they need to worry about GDPR compliance. The impact is especially felt by the marketing department who uses marketing automation or sales automation software to manage prospect or client data. The territorial scope of the GDPR applies to companies operating in the EU and also to non-EU businesses who:

• a) market their products to residents of the EU, or who
• b) monitor the behavior of residents of the EU.

In other words, even if you’re based outside of the EU, but you control or process the data of EU residents, the GDPR will apply to you.

Many marketers also don’t know what countries are part of the countries and territories covered by GDPR compliance. Read on for a list.

What European Countries are Part of GDPR?

GDPR covers all of the European Union Member States, which includes: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.

The United Kingdom is still part of the EU and thus governed by GDPR. This includes: Channel Isles, England, Northern Ireland, Scotland, and Wales.

GDPR also includes European Economic Area Countries, such as Iceland, Lichtenstein, and Norway.

What Non-European Countries are Part of GDPR?

There are dependent territories/countries that are technically in the EU though not in Europe that are governed by GDPR, these include: Azores, Canary Islands, Guadeloupe, French Guiana, Madeira, Martinique, Mayotte, Reunion, and Saint Martin.

The European Union is a Fluid Entity

You need to keep up on the news and be aware of countries exiting and entering the EU and who are governed by GDPR.  For instance, the United Kingdom has plans to leave (Brexit).  Italy and Greece are making noises about leaving.  Potential Member States trying to enter are Albania, Bosnia & Herzegovina, Kosovo, Macedonia, Montenegro, Serbia, and Turkey.

What Does the GDPR have to do with US Marketers?

Chances are, even if you’re a US company, you have European Union residents in your database.  I discussed this with a small regional bank client recently. The marketing manager thinks of her company as being local.  But after thinking about it more, she suddenly realized they have foreign investors applying for mortgages, opening bank accounts, etc.  This put her in a panic, knowing she needs to get her data collection, website and company policies aligned with GDPR compliance.

Many US companies have been collecting email addresses for years through lead generation programs and eNewsletter subscriptions, without collecting the country of residence for the subscribers. If this is your situation, you need to get compliant or stop emailing your list.

If you need help with updating your marketing automation platform for GDPR compliance, we can help. We help clients manage their campaigns on several marketing automation platforms, such as Marketo, Salesforce Marketing Cloud (Pardot and ExactTarget), Hubspot, and IBM Marketing Cloud (Silverpop).  Contact us!

The post Do You Know Which Countries are Included in GDPR Compliance? appeared first on Beasley Direct and Online Marketing.

GDPR is a new, comprehensive data protection law in the EU that updates existing laws to strengthen the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state. It will begin to be enforced May 25, 2018.

While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider. It will also apply to non-EU businesses who:

a) market their products to people in the EU, or who
b) monitor the behavior of people in the EU.

In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.

What is the GDPR?

The GDPR regulates the “processing,” which includes the collection, storage, transfer or use, of personal data about EU individuals. Any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the law, regardless of whether the organization has a physical presence in the EU or not. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

The GDPR provides more privacy rights to EU individuals and places significant obligations on organizations regarding data collection. Some of the key principles are:

1. Transparency on how data will be used and what it will be used for.
2. Ensuring that the data collected is used only for the purposes explicitly specified at the time of collection.
3. Limiting the data collection to what is necessary to serve the purpose for which it is collected.
4. Ensuring the data is accurate.
5. Storing the data for only as long as necessary within its intended purpose.
6. Prevention against unauthorized use or accidental loss of the data through deployment of appropriate security measures.

What is the Penalty?

Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred.

How Specifically Do You Comply?

GDPR compliance will involve several steps of updating your marketing operations at all touchpoints with customers.  You will need to update your privacy policy, add data collection fields to your forms, update your subscription center, and ensure data is secure, etc.  Hubspot provides a helpful checklist (get documentation here).

We’ve compiled links to several marketing automation platforms’ documentation for GDPR compliance. We have found that most of the platforms provide specific shortcuts to implement changes to form fields and data maintenance.

We found this guide from Marketo especially helpful, even if you’re not a Marketo user. It provides specific examples of fields to add to your forms (get documentation here).

Anybody using the Salesforce Marketing Cloud has multiple touchpoints and products within the cloud to update. They provide comprehensive documentation (get documentation here).

Here’s a guide provided by Oracle Marketing Cloud (get documentation here).

Here’s a guide provided by IBM Watson (get documentation here).

If You Need Help Updating Your Marketing Automation Platform for GDPR Compliance, Contact Us

If you need help with updating your marketing automation platform for GDPR compliance, we can help. We help clients manage their campaigns on several email platforms. Contact us for a free consultation!

The post GDPR Compliance is Coming to Marketers in the US: Are You Ready? appeared first on Beasley Direct and Online Marketing.