In this article we will explain how LeadBI will meet these requirements and the relevant impacts for our users and their customers. We will also give you some tips to better prepare you for this great change of rules.
LeadBI has been working for several months to be in full compliance with the new regulation by the deadline of May 25, 2018. As a LeadBI customer, it’s important to understand how GDPR affects you and your use of the LeadBI platform services.
Please note that LeadBI provides this information for informational purposes only, and it should not be relied upon as legal advice. We encourage you to consult with legal advisors and other professionals to fully understand how the GDPR applies to your organization and businesses.
What is GDPR?
The GDPR, General Data Protection Regulation, is a European Union privacy regulation that will come into force on 25 May 2018. It’s a general regulation that applies to all organizations that offer goods and services in Europe, regardless of whether the organization is in Europe or not. The regulation therefore applies essentially to all organizations with a website that interacts with European residents.
Who does it apply to?
The GDPR is directed at all those who have a website that collects or processes personal data of residents in the EU. The new regulation will apply to all subjects that process personal data, regardless of working sector, type of company, for-profit or non-profit status, and whether or not they have headquarters within the European Union.
What are the goals and changes that will be applied?
All European citizens, thanks to the GDPR, will get new rights. The goals concern:
- Create uniform European data protection regulations;
- Give all citizens control over the use and processing of data;
- Empower companies on data processing.
The new rights exercisable by citizens are:
Right of rectification: Individuals may request that their information be updated or corrected.
Right to be forgotten: Individuals can request that their information be permanently deleted.
Right of portability: Individuals can request the transfer of their information to another organization.
Right to object: People may try to prohibit certain uses of their personal data.
Right of access: Individuals have the right to know what personal data has been collected about them and how it is used.
The GDPR requires that people be provided with transparent information on how their personal data will be processed, including the specific purpose for data collection, the duration of data processing and other details.
Furthermore, it’s mandatory to establish data retention times. There are currently no binding indications. The legislation confines itself to saying that personal data should be adequate, relevant and limited to what is necessary for the purposes of their processing.
For this reason you must ensure that the retention period of personal data is limited to the minimum necessary.
What are the consequences in case of non-compliance with the new rules?
In case of illegality and failure to comply with the new rules, individuals and companies may be subject to fines ranging from 2% to 4% of revenue and up to 20 million euro for the most serious infringements.
How to obtain consent?
The consent to the processing of personal data must be given freely in the form of a clear affirmative action.
Passive opt-in (for example: pre-selected consent) will be prohibited. The only form of consent approved is the Opt-in.
The Opt-in is the process in which a contact freely and voluntarily gives affirmative consent to the processing of personal data.
This means that you can only legally use lists that are 100% opt-in and only if you can show that these contacts have actually given their consent.
It’s advisable to use the double opt-in as the form of consent, so that the consent is clear and safe.
So, the GDPR requires that a person provide informed and affirmative consent for any manner in which their personal data will be collected, used and processed. This means that you will need to add further consent statements to your forms and websites, and you will not be able to collect, use or process personal data until the individual has given that consent. You will not be able to rely on pre-ticked boxes, silence or inactivity as a basis for consent. You can use the data only for the processing purposes stated in the consent; otherwise you will have to ask for new consent for a different use of the data.
Cookies and GDPR compliance
This means that cookies used for analysis, advertising and functional services such as surveys and chat tools are at risk of non-compliance under the GDPR.
They are not prohibited by the GDPR. However, if consent cannot be demonstrated on an individual basis, there is a risk of non-compliance.
If you can show that your company has a legal basis to collect and process the data in question, you can continue to do so.
Soon the “cookie law” will be updated and aligned to the GDPR.
Important changes for the automations
There are also important changes to be addressed in Marketing Automation:
- Automated data management campaigns: companies must ensure that all automatic data enrichment activities are declared. All data must be verified, declared and permitted through the acceptance of a valid opt-in, and marketers are responsible for ensuring that the results of any automatic acquisition procedure of new or existing data have the required consent.
- Reverse IP tracking: reverse IP monitoring has become essential. Marketers must seek consent before storing and processing an individual’s IP address.
- Leadscoring: in GDPR terms, marketers must have consent to profile a contact and to proceed to the automatic calculation of the contact’s leadscore.
- Reactivation programs: according to the GDPR, people who have not had a recent relationship with the company can no longer be contacted through reactivation programs.
- Record disposition: If marketers don’t have the consent to store and process the data of a person, they must immediately delete such data. This procedure must be applied to contacts and to all data accumulated over time without the opt-in.
All Marketing Automation service providers, including LeadBI, have already been at work for months to apply all the changes needed to comply with the new rules.
Marketing Automation helps achieve GDPR compliance
Marketers have highlighted three points in favor of Marketing Automation software that show how GDPR compliance is easier to achieve with the use of MA software. They are:
- Allow customers to manage information and preferences of e-mails shared with them
By using your Marketing Automation platform to create an email preference, you will help your customers choose which information to receive, making the process intuitive and simple.
Allowing customers to manage their email preferences brings an advantage on both sides: your customers will be more satisfied, which will lead to greater trust in you or in the company. This greater freedom for the customer leads to an increase in opening rates and refines the segmentation process.
- The possibility of separating “need-to-know” information from “nice-to-know” information
When customer data is centralized in a marketing automation platform, you can easily analyze and adapt it for GDPR compliance. Within the platform, reviewing the information you collect, organize and segment helps you determine which data is compliant with GDPR standards and how to proceed.
- Ability to set different levels of authorizations
The GDPR offers European citizens the opportunity to change their mind about consent at any time: they have the right to change their consent or revoke it at any time.
Be sure to create separate and updated authorization lists based on changes made by the customer or revocation request.
Thanks to the multiple functions of the Marketing Automation platforms (Click and see here), you can build or integrate modules that comply with the new privacy standards, adding opt-in fields describing how to use the data.
How will LeadBI comply with the GDPR?
As a LeadBI customer, you are guaranteed more protection and privacy rights by the GDPR. We will be ready to comply with these regulations and to handle requests from the user in such a way as to be in complete conformity.
Right of rectification: You can change your account information at any time via the LeadBI account settings. You can also contact us directly to edit or update your information.
Right to be forgotten: You can cancel and close the LeadBI account at any time. After receiving a cancellation request, we will permanently delete your account and all data associated with it within 30 days of receiving the request.
Right of portability: If requested, we will export your data so that it can be transferred to third parties.
Right to object: At any time, you can object (via opt-out) to your personal data being used for specific purposes (for example, direct marketing, research, etc.).
We are working on the latest updates that will make the platform compliant with the new regulation and perfectly safe for our customers.
How LeadBI will help you to respect your customers’ requests about GDPR
The new GDPR rules also apply to your customers. The LeadBI GDPR compliance program will help you meet the demands you receive from your customers.
- You can update your contact information at any time.
- If you receive a delete request, you can delete a contact and all linked data directly from your account. If your contact contacts us directly with a valid request, we will inform you of the request and delete the contact details from your account, or across all LeadBI accounts, in order to comply with the GDPR.
- If your contacts request their personal data, you can export their data as a .csv file, which we will make available via a secure connection.
How to prepare yourself
Opt-in confirmation request
We recommend the use of the double opt-in which guarantees that you are complying with the affirmative informed consent requirement to use the e-mail addresses of your contacts and other contact information to send them messages in the future. Click here to view the guide on creating opt-in forms.
Learn how to edit and delete contacts
The right of rectification is a fundamental part of the GDPR, which allows a contact to update and correct the information. With LeadBI it is very easy to find your contacts’ profiles and proceed to modify or update them. Click here to access the guide.
The right to portability and the right of access both require the possibility of exporting individual contacts. With LeadBI you can easily and quickly export every contact. Click here to view a guide on how to export the desired contact.
Add an affirmative consent and declare use through the activation forms
You will need to clarify how you will use the personal data that you collect in the activation consent forms. You can use LeadBI modules with the ability to use HTML blocks. We recommend that you seek advice from a qualified legal professional before publishing your consent request for greater compliance security.
Delete inactive contact lists
The intent of GDPR is to protect the privacy of residents in the EU. Following the guidelines of this regulation, it is recommended to delete personal data that are no longer necessary or inactive. You can choose to delete inactive or unregistered contacts rather than keeping them in your account.
Consult a qualified lawyer
This is our guidance to help you prepare as a LeadBI customer, but the GDPR guidelines are expansive and will most likely influence other aspects of your business. We recommend that you contact a qualified legal counsel to understand the full impact of the GDPR on your business.
What LeadBI is doing for full Compliance
With GDPR taking effect May 25, 2018, we want to assure our users that we will be fully compliant with the regulation.
Product Updates – GDPR Tasks
- (In progress) implement delete account
- (In progress) implement download account data functionality (csv and json)
- (In progress) implement cronjob for deleting visitors data after 3 months
Disclaimer: This document is not legal advice. It’s only meant to provide general information on GDPR.