Over the past year the EU announced the General Data Protection Regulation (GDPR), a set of new regulations that require anyone who controls personal data to comply with a specific set of rules. It serves to empower individuals in the use of their personal information and data obtained by companies. These new rules take effect on May 25, 2018. Updates to aid your compliance will roll out first to clients operating internationally.
What is GDPR?
GDPR, or the General Data Protection Regulation, is the European Union’s new legal framework for data protection and regulation. It empowers EU residents in the use of their personal information and data obtained by organizations.
It enforces new regulations on organizations that collect or process personal data of EU residents. Violations carry monetary penalties.
There are three major rights the EU gives its citizens that you’ll need to ensure you’re compliant with.
- Right to Disclosure
- Right to Request Data
- Right to be Forgotten
But My Brand Doesn’t Operate in the EU
The EU’s new regulation extends to all its citizens’ data no matter where that data is used or stored. For example, if someone from the EU completes a web inquiry, you must ensure you’re capable of meeting the EU’s standards regardless of whether or not your brand operates there.
Although most of your leads may come from countries outside of the EU, or you don’t operate in Europe, the best rule of thumb is to begin using the EU’s standards across all your leads. This ensures you’re meeting any and all standards and that no incidents will occur that may make you legally liable for non-compliance.
What’s the Effect of the New Regulations?
In the past, many marketing and sales operations have worked under the opt-out model, but the new regulations cause these departments to think about their efforts in terms of opting in. Once GDPR has gone into effect, every lead or contact that enters your FRM system will be subject to this legislation.
Contacts and/or leads will reserve the right to have their data removed from your FRM system at any time. FRM is required to disclose and require consent for storing Personally Identifiable Information (PII). This will require FRM to perform updates to all client systems to ensure we can comply with this law and that we are protecting you, our valued partner.
What’s My Brand’s Role in This?
Your brand is considered a Data Controller. Simply put, this means you control what data you’re collecting and how it is used. This makes you responsible for ensuring your compliance with the EU’s regulations, but FRM is putting tools in place to help you meet these standards.
What is FRM’s Role in My Brand’s Compliance?
FRM is considered a data processor. As a processor, we will be aiding our customers in meeting the new requirements with updates to the FRM platform. FRM is also obligated to meet the EU’s standards since we also market to clients and potential clients. FRM is therefore also considered a controller to its clients and prospects.
As a data processor, we’ve made updates to FRM that allow you to ensure compliance with FRM.
How Do I Learn More?
Visit the EU General Data Protection website. Also see the resources below from our parent company, Arke Systems.
- FRM Example Disclosure Document
- How to Cope With GDPR: New EU Data Law Promises Big Changes for Marketers
- Practical Application of the GDPR for Marketers: Data Retention, Erasure, Access Requests, Preference Management
- Practical Application of the GDPR for Marketers: Data Security & International Transfers
- GDPR: Why You Should Care About the EU’s Data Protection Regulation