One of the great things about being both a publisher and a fulfillment provider for publishers is that we are in the trenches with our clients. We face the same issues day in and day out.
Below are steps Stamats is taking to prepare their brands for the GDPR roll out May 28. I will preface this, as with all things that could get you a hefty penalty, with the caveat that you should run anything you do by your personal attorney and this is just an example of how one publisher is dealing with this new regulation.
If you are not already familiar with the term, the GDPR is a set of data privacy regulations for the EU that will go into effect May 28. OF THIS YEAR
The EU is serious about consumer protection in general and this is an extension of that.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
The regulation focuses on emails and marketing via email to people who do not already have a relationship with you. The penalties for violations are steep. It has some teeth.
Step 1. You need to know where everyone on your email file lives. If you do not know that already, you need to ask them. We changed all of our forms to require a country code be selected and added conditional logic that if they selected one of the 22 EU countries or Canada a box pops up with overt language that gives us permission to contact their email. We did this back in 2016 to give them plenty of time before we had to take action.
Step 2. Anyone you do not know where he or she lives and who has not told you, you need to find out or drop his or her email address from your file. You need to suppress it in some way so not used for any type of unsolicited email.
We targeted European Union and Canadian emails that had not updated since requiring express permission with an email campaign to try to gain permission. If they didn’t give us permission by updating and checking this box, they don’t get newsletters or other email promotions after May 15.
To support a client, we undertook a project to append data to their homeless emails. You might want to run them through a program like Brite Verify to make sure they are still good emails, however. Those that returned as valid were sent off to be appended. The list was a 37% match and the project cost them barely $500. The client still has to ask permission from the EU names but at least they can clearly identify whom those people are.
Again, this is something that you might want to run by your attorney—especially the language in the permission check box.
You’ll also need a way to record that permission in a way that you can document the process if needed. We make that easy by hosting all our data in a single, unified database (we do that for clients, too).
Data management is our thing.