The GDPR Regulations are a tad verbose.
We know; we came in hot with an 88-page, soul-deadening PDF. One look at the lengthy document might have you thinking, “O.M…GDPR!”
Just know that when it comes to one of the most talked about changes in data protection, we’ve got you, friends.
We’ve collected concise, reliable and sourced information to get you up to speed and prepared as your fellow DMOs cede to the newer way of things.
Read on for some basics about GDPR, and if/how you’ll need to adjust the way your DMO gathers and uses personal information for marketing communications.
What is GDPR?
Replacing the 23-year-old European legislation established in the mid-’90s to “set strict limits on the collection and use of personal data” (Source: EUR-Lex), is the 2018 General Data Protection Regulation (GDPR)—an evolution of the 1995 law with modified rules on how companies handle personal data.
Why the new rules?
The European Commission, European Parliament and the Council are aiming to strengthen data privacy and security for EU citizens, including how their data is collected, stored, processed and destroyed.
What’s considered personal data?
“‘Personal data’ is information relating to an identified or identifiable natural person. A person can be identified from information such as name, ID number, location data, online identifier or other factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. This even includes IP addresses, cookie strings, social media posts, online contacts and mobile device IDs.” (Source: Lexology)
Does GDPR apply to US DMOs?
US DMOs are subject to GDPR if they have any customers or contacts in the EU and process the personal data of those contacts. So, how you gather and use their information for marketing communications will need to be compliant with GDPR.
For example, DMOs that do any geo-fencing or e-communications for international trade shows (IMEX Frankfurt, IBTM World, ITB Berlin, etc.) would need to ensure compliance.
If your DMO website/data collection platform
• targets EU residents
• accepts the currency of an EU country
• has a domain suffix for an EU country
• provides shipping services to an EU country
• provides translation in the language of an EU country
• markets in the language of an EU country
then GDPR applies to you. (Source: Lexology)
What happens if DMOs fail to comply?
According to Article 83, non-compliant companies will “be subject to administrative fines up to 20,000,000 EUR, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.” (Penalties sure to light a fire under the tuchuses of many companies, making GDPR compliance a top priority.)
What Does GDPR Mean for Email Marketing?
DMOs will only be allowed to send marketing email to EU citizens who’ve opted in to receive messages. So how you request, acquire and save subscribers’ consent might change.
“To achieve compliance, you have to adopt new practices:
New consumer opt-in permission rules
Proof of consent storing systems
A method through which consumers can ask their personal information be removed.”
If your DMO uses a signup form, it must be transparent about who’s collecting the consent, and it must specify the purposes of obtaining personal data.
Curveball: GDPR also affects all existing data.
When it comes to GDPR, there’s no such thing as data being grandfathered in. “If the database already includes subscribers whose permissions haven’t been collected according to the GDPR’s standards, or if the marketer can’t provide sufficient proof of consent for some of the contacts, they might not be allowed to send email to those subscribers anymore. In light of this, many brands may run re-permissioning campaigns.”
How to ensure your lead-generating landing pages are GDPR-compliant
If you’re creating landing pages with the intent of generating leads:
• Include a checkbox asking people if they’d like to opt in to receive email communications. The box can’t be pre-checked.
• Incorporate a disclaimer stating how the entrant’s personal information will be used.
• Keep track of proof of consent. There should be a field (in the back end of the site, for example) that clearly shows you’ve obtained permission to market to people.
• Tip: take a screenshot of the form on the website and save that as proof of the opt-in process.
Our two cents
Bring your entire database up to GDPR standards and adapt all of your opt-in processes to match the EU regulations. You’ll build trust with subscribers, improve your overall list quality and provide readers with content that’s relevant to them, increasing the chances of engagement and conversion.