Disclaimer: This post should not be used as legal advice, and is meant to inform brands of the changes that will be taking place in May in the EU. We encourage every brand to review the GDPR specifics with their legal team to ensure proper compliance.
Here at CrowdRiff, data protection and privacy has been a number one priority for our platform and customers. Working with travel brands all over the world means that our platform has to be compliant with the strictest standards and regulations in every market we work in. The upcoming changes in the EU with the General Data Protection Regulation (GDPR) is no exception.
If you’re familiar with GDPR, and are here to see if the CrowdRiff platform is compliant with the upcoming EU data changes, then you’ve come to the right place! We’re proud that our platform has been vetted by some of the largest legal teams on the planet, for brands marketing domestically and internationally, and is fully compliant. If you want to know the details, or if you’re new to what GDPR means for your brand then you’ll want to keep on reading!
What is GDPR?
This May, the EU is introducing new data protection rules for citizens, called General Data Protection Regulation, or GDPR. If you collect any marketing data about people who live in Europe, then you’ll need to know what it means and if your processes are compliant with these new rules.
General Data Protection Regulation is legislation governing how marketers can use and manage “personal” data. It’s much stricter than previous versions and can come with some serious fines for brands who do not abide by them. The legislation comes into effect across the EU on 25 May 2018 and aims to improve data protection for all EU citizens. It’s important to note that GDPR applies to any organization regardless of geographic location, if you’re working with business in Europe, or handle data from the EU, GDPR applies to you.
How will GDPR Affect Marketers?
If you work with EU data, EU citizens now have the following rights that brands need to be aware of:
- The right to access personal data and to ask how the data is used.
- The right to be forgotten, withdraw consent to use personal data, or the right to have the data deleted.
- The right to transfer the data from one service provider to another.
- The right to be informed that a company is gathering data. Citizens must be informed before data is gathered, and they must opt in for their data to be gathered. This consent must be freely given rather than implied (no more implied hashtag rights!).
- The right to have information corrected if it is out of date, incomplete or incorrect.
- The right to restrict processing. Their data record can remain in place, but not be used.
- The right to object. Citizens can stop the processing of your data for direct marketing. There are no exemptions to this rule, and processing must stop as soon as the request is received. This right must be made clear at the very start of any communication from a business.
- The right to be notified. If there has been a breach compromising data, citizens have a right to be informed within 72 hours of first having become aware of the breach.
What do you need to do?
The first thing all brands should be doing is reviewing the type of data it has in its possession and how the data is being used. Look at your email marketing databases, CRMs and PR databases. If you have data (or systems) that breach the GDPR you have until May to get everything in order. Here are some example actions to take immediately.
- Change all your email subscriptions to double opt-in. This one’s a win-win, as you’ll also improve the quality of your email list: you know the addresses are real, and you know the people want to hear from you.
- Check that your email lists show a source for each contact, and that you can show express (not implied) consent. You now need to maintain records of the consents you have – i.e. what you told your users and how they gave consent for you to contact them.
Customer relationship management (CRM)
- Centralize all personal data in one place.
- Move spreadsheets such as Excel and Google Sheets into a central repository and delete all other sources.
- You need to be able to show express consent to email EU journalists.
Software System Review
- Work with your software suppliers to ensure they are versed in with GDPR means for them and are fully compliant with its requirements.
CrowdRiff Platform is GDPR Compliant
Working with brands all over the globe has prepared CrowdRiff for the upcoming GDPR legislations to protect our customers and citizens of the EU. We’ve taken every precaution to ensure that the social media data we collect for our customers is safe, is compliant with GDPR, and never provided to anyone outside of the organization.
Please do not hesitate to reach out to us at firstname.lastname@example.org to learn more specifics around the CrowdRiff platform and how we’re GDPR compliant.