If you’ve been following this blog, you know I’m all about preparing for the General Data Protection Regulation (GDPR) as it applies to content marketing. This rule applies to every company that sends commercial emails to anyone in the European Union. (If you don’t know where everyone on your list is located, assume at least one of them lives in the EU.) We’ve already talked about how, under this law, when you want to add a person to your email list, you must get their specific informed consent and you must be able to prove that you obtained their consent to be on your list.
The GDPR requires, when you obtain this consent, to provide the person (aka data subject) with the following information:
- The identity and contact information of the controller of the data subject’s information or their representative;
- The contact information for the data protection officer (if applicable);
- Your purpose for processing the data subject’s information and legal basis for doing so;
- The period of time the data will be stored;
- The data subject’s right to request erasure or corrections of their data or to restrict the processing of their data;
- The data subject’s right to withdraw their consent;
- The data subject’s right to lodge a complaint with the supervisory authority; and
- Whether the data subject giving their information fulfills a statutory or contractual obligation.
If you want to process the subject’s data for another purpose, you must tell the person in advance, and when a person’s data is processed for direct marketing purposes, the data subject has the right to object at any time.
At the first reading of these requirements, my first thought was that the signage at conferences where vendors collect business cards would have to become much more complicated to comply with GDPR. I thought about how this firm will comply with these requirements. People voluntarily add themselves to my email, so I don’t know where they live. I will be adding double opt-in consent for my email list, and I believe the most effective way to comply with these requirements is to include this information in the confirmatory email.
You can hear more about these requirements here:
We have to comply with these rules by May 25, 2018 when this new rule goes into effect.
If you want more information about GDPR, please watch this site and my YouTube channel because I’m creating a substantial amount of content on this topic. You can also send me an email (Note: I can’t give advice to non-clients). I use my mailing list to I share my thoughts about being a lawyer/entrepreneur, updates about projects I’m working on, upcoming speaking engagements, and I may provide information about products, services, and discounts. Please add yourself if you’re interested.
You can also connect with me on Twitter, Facebook, YouTube, or LinkedIn.