This blog post is in no way intended to serve as legal advice. It provides transparency into some of the actions True has taken to be a better marketing communicator. Please consult a legal professional to ensure you are GDPR-compliant.
With fines as high as $20 million or 4% of revenue for non-compliance, it’s no surprise that marketers around the world have been making efforts to prepare for the General Data Protection Regulation (GDPR), which became law on May 25, 2018. The legislation is the most comprehensive regulation ever implemented to address how companies collect and use data for EU residents — and True is proactively making changes to be compliant.
Although the GDPR is a European legislative policy, it can also affect companies outside of the EU if they market or communicate with people in the EU.
The legislation was created to give individuals within the European Union insight and control over the data companies collect about them. This legislation may also encompass citizens of other countries while they are visiting, staying or residing within the EU. Therefore, American-based organizations like True may find themselves affected by the legislation.
True has worked with legal experts familiar with the regulation, and we have made several adjustments to our business practices to better align our communication efforts with the legislation.
One of the core tenets of the GDPR is that customers have the right to know how their information is being collected and what it is being used for. To be more transparent with our customers about how we collect and use their data, True has taken the following steps:
Honesty is key here — we want to let our visitors know why we are using cookies and what purpose this serves them. Tracking allows us to see what content is most engaging and valuable to our customers, so we let visitors know that cookies help to “get the best experience on our website.”
For example, we use third-party systems to store and process information. In our privacy policy, we explicitly disclose which third-party systems are used and how they are used, and we provide links to their privacy policies.
The second tenet of the GDPR is that customers have control over how their data is used. To address this, True has made adjustments to our subscription forms to ensure customers have consented to the collection and use of their information for marketing purposes.
To verify that customers want to subscribe to future communications, we now use a double opt-in process before engaging in any continued marketing or communications.
What is involved in this double opt-in process? First, we ask customers for consent to send them marketing materials on the forms located on our website. Next, we send a follow-up confirmation email asking the customer to again confirm their consent by clicking an additional link.
In addition to the double opt-in process, we are implementing several additional best practices to ensure consumer consent:
While True has taken these steps to be compliant, these actions may not be suited for other organizations. To ensure your company is fully prepared for these legislative changes, refer to the Independent Commissioner’s Office GDPR guide and also consult with legal professionals to ensure your privacy policy and practices are in compliance.
Read part 2 of our GDPR blog series for a continued discussion of GDPR and how you can leverage the legislative changes to maximize marketing efforts.