If you haven’t been receiving emails from some of your vendors about changes to their privacy policies as the result of the GDPR or General Data Protection Regulation then you’re probably living under a rock. Here’s a brief look at what the GDPR is and whether it affects your online marketing efforts.
DISCLAIMER: I am not a lawyer and this is not legal advice. I have researched this topic and I’m providing my opinion based on my research. If you have clients in the EU or if your online marketing efforts target the EU, then seek legal counsel or research the topic yourself.
What is the GDPR?
GDPR, also known as the General Data Protection Regulation, is regulation enacted by the European Union regarding personal information and data protection. Specifically, the legislation’s purpose is to give EU citizens and residents control over their personal information and includes a particular focus on “digital rights.”
If you aren’t located in the EU, then should you care?
Yes, because the regulation extends the scope of EU data protection laws to include all businesses that process data of EU residents. So, if you know you have clients who are EU residents then you definitely should be paying attention. Online sources show that the penalties for non-compliance can be as much as 4% of global revenue.
But, if you don’t have customers in the EU, should you care?
First, it’s important to understand that a customer doesn’t need to make a purchase for the scope of the legislation to apply. If you collect “personal data” (defined here, but includes email address, name, etc.) of EU residents then the regulations may affect you. However, this is where things get a little complex.
Does GDPR Affect Your Digital Marketing?
If you have a website or if you’re running online ads then it’s very possible that residents of the EU can access these aspects of your digital marketing. So, are you obligated to adhere to the new laws because EU residents might interact with your website and ads?
According to this article on Forbes, you do not need to comply with GDPR standards, unless you are specifically targeting EU residents with your online marketing efforts. For example, a website written in German that targets residents of Germany would definitely need to adhere to the GDPR guidelines. Another example, if you run Adwords campaigns that are geo-targeted to appear in Spain then you are specifically targeting EU residents and any personal data collected as the result of that ad campaign would be protected under GDPR.
However, if you own a U.S. based business with no physical presence in the EU and a German resident who Googles a subject lands on your website and proceeds to fill out a webform requesting to receive your newsletter, GDPR does not apply. It has been suggested that even mentioning EU-based businesses as clients might be considered targeting the EU market, so as long as your online marketing is “generic” and not EU targeted, you should be fine.
It’s important to consider that accepting foreign currencies or having domain extensions with foreign suffixes would probably require you to be GDPR compliant.
If you’re not sure whether or not you need to comply, research or seek legal counsel.
We’ve provided a very brief summary of how we believe the regulation affects digital marketing of U.S. based businesses, but if you’re not 100% positive that your website and online advertising are compliant then read more about GDPR here or speak with a business attorney. The fines for non-compliance are hefty and adjusting your digital marketing so that you are compliant is not difficult.