GDPR – What companies that work with Digital Marketing must know
What is GDPR?
GDPR (General Data Protection Regulation) is the European Union legislation that significantly changes the obligations of companies managing personal data from EU residents. The change aims to increase the online privacy of these individuals.
Who needs to be compliant with the law?
Companies with a Digital Marketing operation that process EU citizens data must be compliant. Even if your business is based elsewhere, it must be in accordance with the legislation.
Important: This page aims to bring educational information about GDPR, however it must not be used as means to ensure your company is fully compliant. In this case, we recommend a specialized consultancy that will carry out an analysis and application procedure for your business.
How does GDPR affect my business?
GDPR demands different compliances that infer on security, transparency, privacy and confidentiality of data. The regulation has been effective since May 25, 2018.
If your company does not comply with legislation, it may be fined in up to 20 million euros or 4% of its annual revenue.
Sharing responsibilities
Understand how the involved parties are treated according to the regulation:
Data Controllers | Data Processors |
It’s your company | It’s the software you use to store and process customers and potencial customers data |
Primary responsibility | Secondary responsibility |
Responsible for security, transparency, privacy and confidentiality | Responsbile for making sure that your company’s data is stored and processed in a secure way |
Gathers information through forms and similar sources | Responsible for security and privacy in the processing of gathered data |
As controller, what does my company have to do to be compliant?
Among the required actions, there are:
- In your online pages, clearly state the goal for which you are capturing each of the personal data;
- Make an individual’s stored data available for their own consultation or deletion, if required;
- Include an alert in your website about the use of automated monitoring systems, explaining the use of this navigation data;
- Adjust Terms of Use, contracts and privacy policies to include the regulation demands;
- Ensure user consent about the use of their personal data;
- We suggest your company to seek for specialized consultancy to provide a complete evaluation on data protection. Read the full regulation here.
As processor, what is RD Station doing to be compliant with the regulation?
It’s possible to carry out a series of adjustments to GDPR by using RD Station Marketing. Additionally, we are deploying improvements to optimize the user experience of the platform and of the Leads that have stored data in it.
Below you can find the main ones:
Conversion consent
RDSM allows your company to easily edit its landing pages and forms, as well as insert checkboxes as a clear way to obtain user consent. More in this link.
Double confirmation for Registration
The feature is already available and allows ownership verification of an email address, without the need to use Automation Workflows and tags to do so. If the Double Opt-in feature is enabled, we send an automatic email post conversion to confirm the Leads interest in your company’s content. The double confirmation ensures new Leads are always valid and engaged contacts, keeping your base healthy and updated.
Lead public URL
We’ve inserted the option to disable the Lead public URL. Now, the standard option is disabled to protect the Leads information within the platform. Moreover, you will be sure that the access to the information is human and not mechanic, thanks to the Captcha inclusion, which is more of a resource to protect the Leads information in public URLs. For the accounts that have been with us since before June 2018, we recommend to disable the Lead public URL.
Exporting Leads and conversions
Only email addresses registered as RD Station Marketing users have access to the Leads and conversion lists. You can also consult the last exports history to know who did it and when they did it.
Digital Marketing in the era of data privacy
Gather user data with consent was already an obligation in several countries. With GDPR, this is reinforced to make the authorization more explicit. This means the time has come to think about how your company relates to its Leads.
Adjusting to the regulation is relatively simple, but the most important part is to structure your customer journey in a way that your marketing adds value to them, in order for them to keep interacting with your brand and sharing their data in a voluntary manner.