GDPR

General Data Protection Regulation

Why GDPR should matter to you:

GDPR goes into effect on May 25, 2018, and if you send emails to, process, or collect information from people in any of the 28 European Union countries, you are subject to the General Data Protection Regulation (GDPR). Among other things, this new regulation requires:

  • Consent – You must have a separate, not pre-checked opt-in consent to marketing efforts and agreement to your terms & conditions or privacy policy.
  • Data Portability – If requested, you must provide all information collected about an individual in a commonly used and machine-readable format.
  • The “Right to be Forgotten” or Data Erasure – Entitles the data subject to have the data controller erase his/her personal data, cease dissemination of the data, and potentially have third parties halt processing of the data as well.
  • 72 Hour Breach Notification – Notification is mandatory if your company experiences a data breach that is likely to result in risk for the rights and freedoms of individuals.

...and that's just a sampling of the new rules. Also, penalties for failure to comply are stiff: your company can be fined up to four percent of annual global turnover or €20 Million, whichever is greater!




Our Marketer Research Says...

61% of Marketers report they will not be compliant by May 25th, or do not know if or when they will be compliant.


The three biggest concerns are consent verbiage hurting marketing efforts, CRM systems and providing/deleting info when requested.


Marketers are preparing for GDPR by changing online forms, documenting privacy policies, and working with legal teams.


CFE Media Research, April 2018


Our Suggestions

CFE Media & Technology is taking the GDPR very seriously, and will soon be compliant in all of our systems and data management. If you determine the GDPR applies to your company (and it probably does), there are a lot of resources available to you. 

For starters, we strongly suggest the following:

  • An internal data audit of what personal information you collect and of all of the systems or third parties this information is transferred to or from.
  • Determine if your company is a data controller, data processor, or both, and do the same for all third parties that share your company's data.
  • Examine your opt-in consent verbiage, terms and conditions, and/or privacy policy for compliance, and consult with legal counsel if needed to make sure you are compliant.

Resources

Of course, CFE Media & Technology cannot legally consult you on what you need to do, but here are some resources that may help you evaluate your company's risks and actions required:




cfemedia.com
Rick Ellis
Data Protection Officer
Rellis@cfemedia.com
(630) 571-4070
