Spam & Regs: GDPR and What It Means for Your Business

E-mail, or E-mbarrassed

Well, this is embarrassing.

According to the 2018 Radicati Email Statistics Report, the average person has 1.75 e-mail accounts. And I have six. Six! That I can remember. And that isn’t including any ultra-regrettable, junior high school e-mail addresses I signed up for in the halcyon days of the internet, and have been trying to forget ever since (in my defense, sk8er_boi_98@hotmail.com was created well before Avril Lavigne hit the scene).

Now I suspect that number of 1.75 e-mail accounts per person is a touch low—dragged down by everyone’s Nana & Pop-Pop who have an e-mail so that they can use Facebook to comment on large corporations’ posts asking how their grandchildren are doing, but I digress. I have six e-mail accounts that I use fairly regularly, which means that on May 25th, 2018, I probably set a personal record for most e-mails received.

“Damn you, GDPR!” *shakes fist at the air*

Now, I know that my anger is incredibly short-sighted (and will be short-lived), but I imagine I’m not the only person who was annoyed by what seemed like an avalanche of privacy policy changes and companies begging for permission to continue to e-mail me. Perhaps this is karma for working in e-mail marketing, I thought to myself. Maybe, I only had myself to blame (no, never that) for giving my e-mail address out to every single contest, newsletter, and Nigerian prince. But whatever the cause, Friday, May 25th, 2018, the day that GDPR went into effect, will go down as the e-mail world’s Black Friday.

Europe, Always Leading the Way

It’s been almost two weeks — but for those who still don’t know, GDPR stands for General Data Protection Regulation. And believe it or not, GDPR has nothing to do with the unholy matrimony between Facebook and The Con-Artist formerly known as Cambridge Analytica (as a slight aside, the dissolution of Cambridge Analytica and the subsequent efforts put into the data firm Emerdata -that had been established in 2017 but basically inactive until Cambridge filed for insolvency- basically highlights the difficulties of tracking and correcting a data breach of this magnitude because even if Cambridge is no longer, who knows where said data ended up). No, companies have known about GDPR, the biggest change to data protection laws in 20 years, since the European Union ratified the regulation in April of 2016. They’ve just had a few years to adjust their privacy policies, but it looks like they’ve been procrastinating.

Ah, massive corporations, just like us.

And For the Layman?

While GDPR is a European Union regulation, it will affect any company with European customers. Europe has been leading the way in regards to online data and privacy regulations for years now, and this major new regulation has spooked enough big corporations that whether they service the old country or not, they’ve adjusted their policies. GDPR is meant to allow the general public better control over their personal data — this means anything from direct identifiers like IP addresses and cookies, or indirect identifiers like sociological, genetic, economic, or cultural reference points. Businesses will be required to “implement appropriate technical and organisational measures” to ensure that they can track this information, provide it to a person, or even delete it if said person isn’t keen about it being on the internet (however, in some instances, free speech will collide with these data regulations, meaning those poor, multi-millionaire celebrities will still have little in the way of privacy). So maybe the corporations haven’t been procrastinating as such — but rather, hiring Data Protection Officers and developing data protection safeguards to ensure that they don’t get fined for non-compliance. And companies will not want to be fined, as (at the high end) companies will be on the hook for up to twenty million euros or four percent of global gross turnover, whichever is higher. Yikes! Google and Facebook have received the first complaints, and could be on the hook for more than 5 billion dollars each should the complaints stick.

And what about us?

Lucky for us Canadians, these regulations only apply to European companies, or companies with European customers (sorry, not sorry). This means that your Canadian car dealership is probably safe — but if for whatever reason you have any European customers you will fall under GDPR’s jurisdiction. Chances are, if you’re a large, multinational corporation -like an OEM- someone has already dealt with making sure your business is compliant. If not, pop a quick bookmark on this page, and for the love of all that is holy get your business compliant ASAP! Ditto, if you use an e-mail marketing service or automation platform, like MailChimp or Pardot, you have little to worry about as someone within the company is already on the job, making sure that regulations are met, and those annoying privacy-policy updates and permission e-mails went out. And if you aren’t using email marketing, remember that statistic about people having nearly two e-mail addresses? You are missing out on a huge opportunity (but that is a topic for another blog post on another day). Realistically, these regulations won’t have an effect on your business right now — but with that being said, odds are these types of regulations will be coming to a country near you sooner than later.

So as annoying as all of those privacy policy e-mails were, perhaps it wasn’t such a bleak day after all. They were only sent out to ensure that companies were following the new regulations meant to make our data more secure and our likes more confidential. There is still no Orwellian-Big Brother watching over our every online move (*runs finger around collar nervously*). If you are still unsure about whether your business is GDPR compliant (or if they even need to be), there are a number of online resources that can help. But whether your business is or isn’t affected, I would suggest moving toward being compliant. Not only does building a reputable and trustworthy business go a long way toward a number of things, like your Google ranking, it’s also just good to have a reputable and trustworthy business.

Oh, and if I could impart one last piece of advice, it would be this: bury those initial e-mail addresses. Bury them so deep no one will ever find them. Learn from sk8er_boi_98@hotmail.com’s mistakes.