On May 25th 2018, the General Data Protection Regulation (GDPR) will become enforceable, bringing with it significant changes and forcing advertisers to re-educate themselves on all things personal data related. The GDPR will signify a seismic shift of the control of information ownership — back to their original owners. Each and every one of EU’s 500 million citizens will be affected, and for all businesses that reside in the EU and/or process or collect information of EU residents — GDPR compliance is mandatory.
The term”personal data” takes on a broader scope with all the new laws, and includes (but isn’t limited to): name, home address, photos, bank information, email address, social media articles, medical information, IP address and RFID tags. For advertisers, it is already clear that this legislation will impact marketing purposes, from sourcing prospective email lists to launching targeted display advertising campaigns. Privacy policies will need to be reviewed and updated, with cookie pop-ups and sign up forms needing to be restructured. Yet, follow these checklists made for advertisers and you’ll be within the boundaries of the GDPR.
Cookie Consent (for retargeting)
This data is gathered from all people visiting your website and mainly used for retargeting in online advertising.
Cookie permission is key with the new regulations. You MUST ask for permission before a user’s data is collected. This can be achieved by installing a simple”cookie consent plugin” on your site, such as: https://cookieconsent.insites.com/
Ask this consent using language that’s simple to understand — stating exactly how you plan to use the individual’s data. Consent must be given explicitly, in the form of an unambiguous and affirmative action (e.g a binary option to allow the cookies). The key when forming these permission models would be to ask yourself, “what I am using this data for?
Pop-ups that state”by using this site, you accept cookies” are not sufficient. A choice needs to be available for the user to make. So as not to clutter the pop-up, providing a”more info” link within the message is also a popular option for advertisers.
Sign Up Forms
- After the user has filled in their details, use simple and honest language about your data collection activity. Similar to formulating your cookie consent pop-up, ensure the user knows which parties will collect their data and clarify exactly how the data will be used.
- Design your sign up form so that it has one box where a user can tick to agree to the Terms and Conditions, and a different box that they can tick if they want to also sign up to the mailing list.
- Have a clear opt-in choice within the form, so the user has to actively allow their data to be collected. Have these choices laid out in granular options so the person knows exactly what they are signing up for.
- Users should be able to withdraw their consent just as easily as they gave it. So for individuals that have signed up, it is recommended that companies have an unsubscribe link or button present in their emails. Customer support should also be given the ability to remove a user’s details, as per their “right to be forgotten”.
From the outset, GDPR looms as something to be taken seriously, with possible fines for not following the laws being intimidating to say the least. By following these steps you’ll safeguard your business to be compliant with the primary pain-points as an advertiser.
Disclaimer: the laws are open for interpretation in several regards and to guarantee 100% compliance we advise you to seek legal advice