What GDPR Means For Your Business

The General Data Protection Regulation’s (GDPR) requirements aren’t geographically limited to Europe. The European Union’s (EU) new consumer protection standard, slated to take effect May 25, 2018, is set to regulate current privacy data laws throughout Europe. While some on this side of the Atlantic may dismiss the stringent regulation at first glance, the implications for businesses around the world, especially those marketing to EU dual citizens, wittingly or unwittingly, are far-reaching.


What Is GDPR?

The overarching goal of GDPR is to protect people’s personal data. According to Marketing Profs, the GDPR’s goals include standardizing laws, increasing security, increasing accountability and protecting rights. Businesses will be required to be transparent with their customers and their personal data.


Who Does GDPR Affect?

Compliance is based on the EU residency of the individual, not the location of the company that collects or processes the data. In theory, an American company collecting or processing the data of an EU citizen living in the U.S. is subject, because that individual could return to the EU and qualify for the law’s protections.


Targeted Web-Based Marketing

Would an EU-based user who came across an American website be automatically protected by the GDPR? According to Forbes, generic marketing doesn’t count. The website in question would have to target a specific subject in an EU country. For example, a European user who finds an English-language webpage written for U.S. consumers or B2B customers would not be covered under the GDPR.


Email Marketing

According to Business2Community, with a nearly 3,800 percent ROI, email marketing is simply too valuable a tool to ignore. For years, offering gated content and upgrades was the best way to grow email lists. Visitors would enter their email address and download the content, and another lead was generated for future marketing emails. Now, the legality of that tried-and-true tactic may be in doubt. Under the GDPR, businesses must provide an email opt-out option while collecting a user’s information in order to remain compliant.



Not abiding by the GDPR’s rules will cost companies big time. According to CNBC and DMN, companies in breach of GDPR laws could possibly be fined up to four percent of global revenues. For example, Facebook could be liable for up to $1.6 billion for one violation!


Because the new law specifically deals with consumer protection and privacy, marketing efforts are directly affected. It impacts all touch points where consumer data is collected. The days of buying email lists and scrubbing the web for emails may be coming to an end because of the GDPR’s major emphasis on consumer consent. There are many layers to this regulation. We strongly encourage you to get in touch with an attorney to help draft a GDPR-compliant privacy policy and do the other things that are necessary to become GDPR compliant. Penalties for failure to comply can be severe: up to 20 million euros or 4 percent of a company’s worldwide gross annual revenue, whichever is greater.


This notice is for informational purposes only and not for the purpose of providing legal advice, and may not be relied upon as such.