Last week, my social media manager Sherrill Thompson and I broadcasted a Facebook Live video to answer any and all questions those of you in the limo industry had about the updated regulations. Before coming to work for me in Nashville, Sherrill was a member of the intellectual property team at Facebook. With her legal background and knowledge, Sherrill researched the effects GDPR will have on this specific industry.
Here are her suggestions and breakdown of the upcoming changes:
You may be thinking, “What is GDPR and why should I be concerned?”
The GDPR was created back in 1995 and is a set of laws that regulate the processing of personally identifiable information (PII). Basically, this set of regulations protects your privacy online and elsewhere. The new regulation, which starts May 25, updates the original ruling from over 20 years ago.
The new regulation, which can be found HERE, replaces the current Data Protection Directive and implements updated data privacy laws across Europe to protect all citizens of the EU and improve the way companies and organizations across the territory approach data privacy. The new regulation does keep key principles of the original initiative; only the regulatory processes have been updated.
Okay, now that all the legal jargon is out of the way, let’s get to point on why this is important and why you should be taking this seriously.
First off, even if you don’t think you work with anyone in the EU, you can’t rule out the possibility of contracting business in the area in the future. It’s a good idea to go ahead and comply and have a plan in place. You don’t want to get in contact with an EU citizen and NOT have this in place — the fines can get pretty hefty (we’re talking up to 4% of your annual global turnover or $20 million — whichever is greater).
Now, remember, this new regulation pertains to your marketing only! The goal of the new GDPR initiative is to protect citizens’ privacy.
That means, when someone books with you, you can no longer automatically add them to your email marketing lists. The client or consumer will have to choose to be added to your marketing lists before checkout, which means no more automatic opt-ins.
You can only use specific consent times.
During check out, on the phone, and while an individual is browsing your website are the only times you can get their consent to opt-in to your marketing emails! You must be as upfront and concise about what they will be opting into. No more vague, “want to receive deals from us?” headlines.
ALL consent must be freely given.
Auto-enrollment in email lists, pre-checked boxes, or newsletter subscription prerequisites to receive an offer or downloadable resource. That individual must select (opt-in) to receive your marketing emails through checkout and/or mention it through a phone call.
However, consent is only legal through phone if you record your calls.
If you don’t and still enroll them into further marketing communications, you could be at risk of violating the regulation. If you’re offering a free ebook or brochure download, you must give the consumer the option to opt-in to your emails, not bundle it with the download. Initially this may seem like a headache, but in the end it’s worth it. You’ll build the trust of all of your customers and be ahead of the curve once the U.S. decides to implement this down the road.
Just as you must make it easy for consumers to opt-in to your emails, you must make it just as easy for them to opt-out.
While this is already law stemming from the CAN-SPAM Act in 2009, this must be implemented in the new GDPR regulations. Also keeping true to the CAN-SPAM act, you must list your physical address within your marketed emails.
All that being said, let’s circle back to opting in and how to gain consent.
Let’s say you record your phone calls and a client mentions they’d like to receive your marketing emails. Since you record your calls, if you were to be audited by the EU, you would be able to prove the customer gave their consent. However, just to be safe, it’s best to initiate a double opt in for not only phone calls, but through all of the individuals who opted in through your checkout page and website
Finally, in regards to your current email lists, it’s best to implement a re-permission email campaign before the May 25 deadline.
While not everyone or even any of your customers may be EU citizens, it’s best to implement this campaign to be sure you have proof of them accepting the terms of being on your mailing lists. Be as clear and concise as you’re going to be once you implement the new GDPR regulations. Let them know what they’re receiving and making it very clear they will not be receiving emails from you if they do not opt in. Share it all over your social channels as well. Get the word out as to why you’re making these changes!
The new law isn’t as scary as you may think, but it’s definitely better to be safe than sorry. Remember, if you don’t allow for clients to opt-in, you expose yourself to possible incrimination and audits from the EU should you contact a citizen unlawfully.
Implementing this change before the deadline makes sure you’re still open for business worldwide. Affiliates, clients traveling, employees, and current clients are all subject to this new regulation.
You never know where new business will come from — don’t limit your company because you’re not doing business in the EU. Apply these changes right now and set yourself up for success moving forward!
Bill Faeth Profit Motives column and blog posts here