The General Data Protection Regulation (GDPR) is a European Union regulation to standardize and strengthen data protection policies for residents of EU member nations. It went into effect in May 2018, and it includes data collected via eMail and websites.

The full text of GDPR can be found here: http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32016

It is an 88-page PDF. I admit that I haven’t read it in its entirety, but I have learned a few things that you should know.

Data Rights
There are 4 primary “rights” to data that you have to give residents of the European Union. This is true if you offer any service that collects data, whether for a fee or even free. If you don’t grant those rights, you will have to pay what some would call exorbitant fees.

Here are the rights: Right of Access, Right to Rectification, Right to Erasure & Right to Data Portability. This means that EU residents must have the ability to view, change & even remove their data from business databases.

Who Needs to Care
This is for businesses in the EU AND any other businesses that track data of EU residents. Do you have a website that people in Europe might buy a good or service from? Might they wish to join your eMail list or even just ask you to contact them? Are your lists double opt-in? Can residents access all of the data that you have on them?

Clean up your Databases
In preparation for the GDPR, I’ve seen some companies clean up their eMail lists and see a 95% drop in contacts. That is a major loss. This could be financially devastating to businesses that use eMail marketing to generate income. It could also be a financial blow for businesses that fail to comply.

How Big are the Fines?
If you do business in Europe you might want to sit down for this…

If a firm infringes on multiple provisions of the GDPR, it shall be fined according to the gravest infringement, as opposed to being separately penalized for each provision.

The fine is 2% of the worldwide annual revenue of the prior fiscal year or 4% at the high level.  I’m not sure what the various levels are, but the cost of doing business in the European Union just got potentially astronomical.

What about the data you have collected in the past?

Sorry, no good news here either. All of the data that you have collected in the past is not grandfathered in. Your valuable data might now be a tremendous liability. I suspect many 3rd party options will become available to help businesses reduce the risks of doing business within the EU.

Is this the end of SPAM?
That would be awesome, but not at all likely. Spammers will continue to spam; this is just to regulate data protecting legitimate business and to make a ton of money for regulators. The upside could be that businesses will take better care of our data. We shall see. ~:-)