How ActiveDEMAND Has Implemented GDPR

The General Data Protection Regulation (GDPR) is an upcoming policy that will affect both EU businesses and organizations conducting business in the EU, specifically those on the Internet. This is a policy that aims to standardize policies on the personal data of consumers and it will come into effect May 2018. The aim is to give more power back to consumers and set new guidelines that businesses will have to follow.

Who does it apply to?

The GDPR applies to any organization processing personal data of EU citizens—regardless of where it is established, and regardless of where its processing activities take place. This means the GDPR could apply to any organization anywhere in the world, and all organizations should perform an analysis to determine whether they are processing the personal data of EU citizens. The GDPR also applies to all industries and sectors.

What Kind of Personal Data Does the GDPR Affect?

The GDPR policy covers a wide spectrum of personal information. It encompasses everything from general personal data (name, address, ID) to web data (IP, cookies, credit card). It extends to even more personal data like biometric data, health/genetic data, and sexual orientation. As a digital marketer, the regulation of more personal data will not have a large impact on your business unless you are in an industry that collects such data from customers.

How Do These New Regulations Affect You as a Digital Marketer?

As a digital marketer, you now must be transparent about how you handle personal information. For example, if you are opting in a visitor into your email list, you must link to a privacy policy to explain what you will be doing with their information. If you are sending it to a third party, you must explain how the third party uses the data.

Normally, you’d have to ask for consent to utilize user information in specific ways. But direct marketers do have the right to assume ‘legitimate interest’ when opting in. This basically refers to the implied use of the data, relevant use of data, and reasonable expectations of how data will be used. For instance, if an individual signs up to receive discounts and promotions, consent is not necessary. Legitimate interest also applies to activities like personalizing fields like names in email campaigns.

Then there’s the right to object part of the GDPR. You must give individuals the opportunity to object to the processing of their data. For digital marketers, the easiest way to do this is to give an option to opt out of your database. This provides the ability to stop receiving direct marketing campaigns from you. This also allows consumers to prevent their personal data being used in such cases as profiling and statistical use.

Another aspect to consider is ‘the right to be forgotten.’ To comply with this GDPR provision, you must give individuals the option to completely remove their personal information from your database. It may not have such a big impact on you if your business doesn’t deal with customers who have already opted out. But if you regularly create reactivation campaigns, this provision will be important.

How is ActiveDEMAND helping me comply with the GDPR?

ActiveDEMAND has always given marketers the tools to help with privacy and data handling. Here are a few examples:

  • Opt-In Communications: ActiveDEMAND has a simple process for obtaining and recording (and tracking) consent. ActiveDEMAND’s has Opt-In form elements, dynamic opt-in email fields, dynamic opt-in landing pages that give the marketer the ability to easily provide the opportunity to Opt-In to marketing communications. All Opt-Ins are captured, recorded, and managed on a the ActiveDEMAND prospect timeline thus it is easy to report on when a prospect has opted in and how. ActiveDEMAND as well provides a simple one-click guard for enforcing the Opt-In communications (i.e. globally locking outbound communication to only those who have opted in).
  • Right to object (opt-out): ActiveDEMAND has always had a simple system for tracking opt-outs. With ActiveDEMAND it is technically impossible to send an email to someone who has opted out. As well ActiveDEMAND does not allow outbound communications to people without providing the ability to opt-out (unsubscribe).
  • Right to be forgotten: With ActiveDEMAND, deleting a contact permanently deletes all data related to that individual. As well ActiveDEMAND provides a simple ‘Forget Me’ form element that can be presented to a prospect.
  • Right of access: All the data collected on a contact is easily accessible within the platform. ActiveDEMAND will soon provide a simple form element that makes it easy for marketers to automate the process of complying with a ‘right of access’ request. ActiveDEMAND has an extensive privacy policy that describes what data ActiveDEMAND collects.
  • Right of portability: All ActiveDEMAND’s data can be exported. This includes contact lists, metadata, and the conversions captured within the database.

More on the provisions and how ActiveDEMAND can help you comply can be found here. It is best to work with an educated legal firm to help you adhere to the full guidelines as there are hefty fines for businesses that fail to comply.