How Will GDPR Affect Kiwi's
GDPR stands for ‘General Data Protection Regulation’. It’s a new European law to do with the management of how businesses process and handle data, and it took effect on May 25th this year.
The question is – will GDPR impact your business here in NZ?
Well, initially it’s not going to be too major, because it’s only being rolled out in the EU. However, if for example, you have an email database that includes subscribers that live in the EU, then you’ll need to comply for those subscribers. Or if you have a website in the EU, and advertising to people in the EU, then you’ll definitely need that website to comply.
So if it’s a “yes” to either of the above, then you’ll need to make sure you understand the requirements and check to see that you’re playing by the rules.
If you don’t have a website in the EU, but you have some people on your database that live there and that you send newsletters to, and you’re using popular email marketing tools, then the chances are you’re probably already doing many of the things that are required by this new law anyway, so you won’t need to worry too much, but best to be sure.
What is the GDPR law exactly?
These days we now create huge amounts of digital information each day, with websites, mobile phones and smart watches all collecting data that could identify us. Most people have no idea it’s even happening, but companies like Google and Facebook are tracking so much information about you it’s incredible!
So a few important people in the EU got together and developed a new privacy law. This has been put into place to make sure that customers privacy is kept protected, and that businesses are held more accountable for data breaches.
Companies will have to show where customers data is going, how it will be protected and what it will be used for. Personal data will also now include a customer’s IP address. It includes data like social media profiles, your physical location, and interests – which can affect advertising from Google AdWords, Facebook ads, programmatic advertising or any other form of online pay per click marketing.
If companies do not comply with the new law, then they will be fined a huge amount of $$$.
5 key points that companies need to understand:
Customers have the right to be informed: the right to ask you about their personal data, how it is used, and why it is being used at any time.
Customers have the right of access: customers can request a copy of personal information at any time.
Right of rectification: people can update (or request updates to) personal information at any time.
Right of erasure: people may request that you erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
Right to object: people can unsubscribe at any time from emails or communications.
What are the key things you will need to do?
All data which you use for marketing will need consent from the customer. You will need to know when the consent was given and understand that this consent will not last forever. This needs to be regularly updated, and can be done by sending an email out asking if they still want to be part of the mailing list.
Customers have to ‘opt-in’ to a mailing list. Many marketers already have that button pre-selected and the customer would have to un-tick the box. Whereas this will have to be changed for the new law.
Customers are able to use the ‘right to be forgotten’ rule. This allows the customers to demand that their data must be erased. This then means that the data held by your company and any third parties who you have passed it onto must have that contact’s data removed.
You will need to keep a record of your updated customers list, how they opted in and what date they did this. As at any given time you may be requested to show this information.
Checklist:
- Run a “re-permission” email campaign for current EU-based email contacts
- Make sure you activate an “opt-in” button
- Make sure the cookies are on opt-in before you start to use them for that contact
- Create a well thought out system to ensure you collect the right data for when new contacts opt-in to the contact list.
Will this law come to New Zealand?
It could take quite a while to come to NZ, but who knows! We often follow in the footsteps of Australia, so if they implement something similar then no doubt we’ll quickly follow.
So, for now, you don’t need to be too alarmed, but you should definitely pay attention, as it might be coming to New Zealand sooner than we think, so you may as well start considering the steps your business will need to take and be a step ahead of the rest!