All posts by Annabel Youens

Annabel Youens

About Annabel Youens

I'm a co-founder and CMO at AE. I believe that truly successful internet businesses have to connect people. When I'm not online I'm exploring beautiful Vancouver Island. Things I love: everything scifi, literary fiction, coffee, Google Music, my workhorse sewing machine and board games.

GDPR. GDPR. GDPR.

Anyone else still recovering from the GDPR (General Data Protection Regulation) inbox flood?

If you’re based in North America, you’ve probably also wondered to yourself if you’re even affected by GDPR. (Spoiler: you are!)

While centered on the European Union (EU), the GDPR will have a global impact.

The GDPR’s Global Impact

While centered on the European Union (EU), the GDPR has a global impact. Here’s why.

Even if you’re based in the US, Canada, or Mexico, if you handle any data from EU customers (there are 28 countries in the EU), you’ll be affected.

There are certain caveats to these rules:

  1. If the EU visitor/customer is not in the EU when you collect their data, the GDPR does not apply.
  2. Your visitor or customer does not need to purchase from your site for the GDPR to apply to your business.
  3. If you’re hosting a generic survey without directly targeting EU consumers, but a prospect from Britain fills it out, they are not covered under GDPR. However, if your study even mentions the EU, then the law kicks in.

But what about California?

The California Consumer Privacy Act of 2018 is another hot-ticket item that could bring GDPR-like privacy rules to California, the heart of tech.

The California Consumer Privacy Act of 2018 could bring GDPR-like privacy rules to California.

This could spell out a major change for businesses that collect and sell customer data. Customers will have to ask how their data is being used, and request to be removed (opt out). The GDPR focuses more on opt-in requirements, making the California regulations much more friendly to data collectors.

Customers who choose to opt out cannot be punished or charged higher fees for services. And here’s the clincher: it allows public prosecutors and citizens to sue for data breaches or for the sale of personal data after someone has opted out. There’s no requirement that specific harm be proven before damages can be awarded.

Citizens can sue for data breaches and there’s no requirement that specific harm must be proven before damages can be awarded under California’s proposed Consumer Privacy Act.

This will make effective tracking and following through on opt-outs a top priority for companies that collect data in California.

What does this all mean for marketers in North America?

At a time when people are being asked for their data on a daily basis, and that data is being traded with other businesses, it’s about time customers gained some power. Historically, customers have had their data traded and sold without their knowledge, and with the rise in cybersecurity leaks, it’s well past time every internet user had rights.

As a marketer, it means you need to be prepared for a new age of data collection and transparency.

With these regulations moving from a possibility to a reality, we need to become proactive. Even if California’s privacy act does not pass, it’s inevitable that marketers will see a shift in data collection regulations.

Marketing strategies must shift from a cold, transactional approach to a warm, transparent and relationship-focused strategy.

So, How Do You Build Trust as a Marketer?

It starts with upfront communication before you ask for any customer data.

When you collect data from customers, you need to clearly tell them how you plan on using that data. The context will matter when working within regulations like GDPR, because your stated context for collecting/using data is the only way you are legally allowed to use this data.

You can earn big points with consumers for providing the transparency they deserve.

From there, you need to give them explicit details on how you will use their data, and if you want to send them different information, you need to get permission.

***

Additional Resources

  • IDC Five Steps to GDPR
      • This white paper is basically a more in-depth version of the five-step guide above, so if you want more details, here’s the next stop.

This post is part of our series: Find Out Fast If Your Business is GDPR Ready. Our goal is to help businesses make sense of privacy and data. AE is your Babel Fish for Legalese 🐠

Why should you use Double Opt-In?

Double opt-in is an important way to get your customer to explicitly agree to joining your newsletter. If you’re focusing on being GDPR compliant, you’ll need to get your customers to say yes not once, but twice. Yep, they really want your newsletter and that is a great thing for you.

What is Double Opt-In?

The process of double opt-in

“Double opt-in” is when a user:

  1. Signs up to receive your emails
  2. Receives a confirmation email from you
  3. Clicks a link to verify their email and reaffirm that they wish to receive your e-newsletter.

Double opt-in is great because it ensures that everyone receiving your emails is actually interested in reading them!

How to Set Up Double-Opt-In

You can set up double opt-in using any email newsletter provider. We really like MailChimp. Here’s what they have to say about double opt-in and how to set it up using their service.

If you’d rather explore other options, here’s a list of some more providers you can try out:


What is a Privacy Policy

Simply put, a Privacy Policy is a document that tells your customer what data you’re going to collect from them, how you’ll use it and who you’ll share it with.

Why You Need a Privacy Policy

If you have a business website, you should have a Privacy Policy. It’s important that your business models best practice, plus it’s likely that you’ll need one to meet your online legal requirements.

Take heart.💌 It doesn’t have to include swaths of pages of legalese. In fact, the more straightforward and simple you can make your Privacy Policy, the more your customers will trust you.

Great Examples of Privacy Policies

Writing a Privacy Policy can be awfully dry. We’ve collected a few examples of companies who have added personality to their boring documents, and managed to make them more interesting — even friendly. Almost as though you’re talking to their best customer service reps.  

Xero has a great privacy policy.

We’re huge fans of Xero and their Privacy Policy is clear and to-the-point. Marvel in its readability!

Typeform has a great privacy policy.

Typeform have, of course, used a form to display their Privacy Policy as well as their terms and conditions. Do check out their plain English version. It rocks.

MailChimp has a great privacy policy.

MailChimp has done a pretty good job as well on their Privacy Policy. They deal with a lot of customer data and have clearly marked out how they use it.

HelpDocs has a great privacy policy.

We love the fellas at HelpDocs.io and we use their service. They also break down the complex world of privacy well.

We think AE's Privacy Promise is a pretty great example of a privacy policy too.

We’re pretty proud of the work we’ve done on our own Privacy Promise.

Some Helpful Resources For Writing a Privacy Policy

The DMA (Data and Marketing Association), based in New York, describes the outline your Privacy Policy should follow in their post How To Construct Your Privacy Policy.

Here’s what they recommend including:

  1. Contact Information
  2. The personal data you collect and use
  3. Whether you use cookies
  4. What kind of information will be shared with 3rd parties
  5. Marketing Preferences
  6. Review and Changes
  7. Notifications
  8. Security
  9. Enforcement
  10. Changes
  11. Effective Date

There are even several privacy policy generators available online. These can be helpful to get you started, but always get actual legal advice so you know you are covered.

Here are a few privacy policy generators you can check out if you’re interested:

How to Explain AE’s Service in Your Privacy Policy

To help you construct your own policy when you’re using AE Connect, it’s important to know several things:

What Data Does AE Collect?

The short answer is, it’s different depending on the service your customer registers with. We’ve broken down the information AE collects by service to help you fill in your Privacy Policy more easily.

Does AE Use Cookies?

The short answer is yes. Check out our Web Beacons and Cookie Guide.

AE’s Privacy Promise

We deal in customer data every day. We know the companies who work with us trust us to keep their data secure and private. This is a huge deal to us and we don’t take the job lightly.

We have a Privacy Promise that outlines how we collect data and what we do with it. It’ll probably give you some ideas for your own.

Best of luck writing your own Privacy Policy. Of course, we always recommend you have the Privacy Policy you come up with reviewed by a smart and trustworthy lawyer.