The GDPR: Will this New Law be a Corporation’s Nightmare or a Win for Internet Users?


Do you hear it? The panic? There’s a digital treble, an ominous tone, and in the land of agencies and personal data collectors alike, it comes in the shape of a ‘G’, a ‘D’, a ‘P’, and an ‘R’. 

It’s the General Data Protection Regulation, and much like Blitzkrieg, it’s set to hit May 25th. Walls are going up; blindfolds are being fastened; it’s going to be a cold summer in Europe.

Okay, I know, maybe this is a bit of an overstatement. A digital war isn’t starting and no, my goodness, nobody is going to pixelate and fade into the digital ether. Here is what the General Data Protection Regulation will mean for you and your business.

For starters, it applies to all businesses within the EU and those who process its data, regardless of processing location.

This piece of regulation has been in the works since April 2016 and is the biggest update of the Data Protection rules since their introduction in 1995. The main idea: give citizens back control over how their personal data is used. It’s about empowering the people, enabling users to access, correct, amend, and/or delete their data at any time.

How Will the GDPR Affect Businesses That Fail to Comply?

The downside to this is how the GDPR will affect small agencies, businesses and the ways in which marketing companies have collected data for years. According to CNBC, “organizations can be fined up to 4 percent of annual global turnover, or 20 million Euros, whichever is bigger”. And that’s no small fee.

Here at the Masonry office, it’s been a major topic of conversation as we work through how to keep our clients safe under this new regulation, and although the future of data collection itself is as murky and relatively unknown as it’s ever been, we’ve found some sense in it all.

One of the primary methods we’ve used to help clients is in defining and helping them understand how to obtain consent — the primary component of the GDPR. Consent is a word that’s hovered over the GDPR like the threat of rain, and before any data is obtained, subscribers and customers alike can either accept or decline the capture of their personal data.

So, How Exactly do we Obtain Consent?

Well, it’s important that users are clear on the specifics of their tracking. Meaning: companies must be very straightforward about how the data will be used once obtained. This cannot involve pre-ticked boxes or presumptive opt-ins.

From what we’ve learned, subscribers must explicitly opt in to your site’s storage so that they can then manage their own personal data.

However, if you aren’t confident in your ability to demonstrate subscriber consent then it’s recommended that you re-permission via email — one of the best tools to use in preparation for this change. Many companies, such as Mailjet and Mailchimp, have already been planning ahead for the onset of the GDPR, offering services to quickly obtain subscriber permission. Keep in mind though, if you’re unable to reach consent with your customers or subscribers then it’s important the files are deleted. That way, your company can avoid penalties.

What are Additional Rules to Consider?

Per the text, there are a few additional rules to be sure your company follows to the letter so that you don’t fall under the scrutiny of the law. These include:

  • Parents or legal guardians must opt-in and give consent on behalf of children under the age of 16.
  • Companies must notify the proper authorities within 72 hours of a data breach, who in turn must notify customers “without undue delay” of compromised personal information. 

Making Sense Out of the New Era of Digital Responsibility

Although the possibility of losing years of subscriber data may sound terrifying, it’s not the end of the world. When it comes to collecting data, we are now entering a new world of digital responsibility. Data collection should be a transparent industry, used only to engage with customers who truly want to be involved in your business — it shouldn’t be an industry mired in opaque terms and conditions like it is today. We truly believe good business is honest business, and if you’re operating within that mindset, the GDPR should be of no worry to you. If you’re currently compliant with regulations like the GDPR and take your email marketing seriously, you can rest easy knowing that your business functions to the benefit of not just your bottom line, but of the user as well.

If you are worried about the GDPR and its effect on your business, please visit the EU’s GDPR informational website for the full text of the regulation.
