Where were you on May 26? That was the European Union’s (EU) General Data Protection Regulation’s (GDPR) “enforcement date.” That means a company must be fully in compliance if it collects personal data on anyone who lives in the EU, “regardless of the company’s location.”
The EU Parliament approved/adopted the GDPR in April 2016. It’s a new set of regulations designed to enhance the protection of EU citizens’ online privacy and personal data. More importantly, it increases companies’ obligations to deal with that data in secure and transparent ways.
And what is “personal data” as defined by the GDPR? Information related to a “natural person” that can be used “to directly or indirectly” identify that person. Such information could include name, email address, a photo, bank details, posts on social media channels, medical information, even a computer IP address!
Some “Good” and Some “Bad” News
Some good news: EU residents have to have been physically in the EU when they provide your U.S.-based company with their information.
But some bad news: they don’t have to have given you their personal information in an exchange of funds. They could simply have downloaded a free ebook you offered in exchange for their email address.
But now some pretty good news (as in “Whew!” you say as you wipe the sweat from your brow): U.S. digital marketers actually have to target EU citizens in an EU country in order to be under compliance regulations.
For example, say you’re a Michigan company that sells services to consumers in the U.S. All of your marketing and sales are geared to U.S. citizens. But Google being Google, someone in Holland uses the same keywords as a U.S. citizen, finds your website, reads your blogs, and then sees your CTA regarding the free ebook you’re offering. The information in it is applicable to the Dutchman’s concerns and so he provides you with his email address. You don’t have to worry about GDPR compliance in this case. But, if you were specifically to refer to EU residents/customers on the website offering the ebook, you need to be GDPR-compliant.
Explicit Consumer Consent
So what if you do market to EU residents? Then you need to make sure that those who provide you with their information explicitly gave it to you. All of your landing pages, information forms, etc. will need to be changed to make sure EU consumers’ data is “freely given, specific, informed, and unambiguous.”
However (and here’s some more good news), if your company already follows data security standards such as PCI DSS, NIST or ISO 27001, the GDPR’s regulations shouldn’t, as this Forbes article says, “be a burden.”
HubSpot and GDPR
Prior to May 26, HubSpot’s inbound marketing software could be used in ways that comply with GDPR, but HubSpot itself admitted doing so could be “difficult and involve complex workarounds.” HubSpot, however, was hard at work in the weeks leading up to the end of May to ensure that it would be easier to use its marketing software platform and meet GDPR compliance requirements.
If you’re still not sure if your company’s personal information data collection meets GDPR standards, HubSpot put together a questionnaire you can use to ascertain if your company is compliant.
Working with an experienced digital marketing agency such as Ingenex means you can rest easy knowing that professionals who understand the ins and outs of data privacy regulations are helping you with your marketing. Contact our HubSpot Certified Partner inbound marketing agency to learn more about our services.