Disclaimer: This article is not by any means legal advice for your company on how to comply with the GDPR. The goal is to provide background information to help you better understand the regulation.
We propose that you consult an attorney if you’d like advice on how you should interpret this information or its accuracy.
We are just a breath away from the 25th of May 2018, when the General Data Privacy Regulation (GDPR) comes into force. The legislation is set to have a huge impact on how digital companies and marketers get access to, store, distribute and process the personal data from EU citizens.
There are 2 things you should definitely keep in mind about GDPR:
- Even if your business is based outside of the EU, gathering, managing or distributing any personal data of EU citizens, means the GDPR applies to you as well.
- Potential penalties for failing to comply with the GDPR are purely savage. Depending on the type of violation, companies will be inclined to pay fines of up to €20 million or 4% of their global annual revenue (whichever is greater). That means that you can’t afford to ignore the regulation.
The second point is expected to have a huge impact on the digital landscape as, according to Hubspot, just 36% of marketers have heard of GDPR, while 15% of companies have done nothing, and are at risk of non-compliance.
But is GDPR a bad thing?
Perspective is everything, people. While a tiny bit of madness might occur for the infrastructure that digital companies use, at the same time many of the scammers out there will go out of work.
As a result, end-customers will have the opportunity to browse in a safer environment (and customer satisfaction is KING). This also means that marketers (like me) will have to do a better job in order to gain the right to communicate with people on a regular basis.
GDPR for Referral Marketing, and what it means for Viral Loops.
When participants are joining your campaign, you are getting and processing their personal data, such as their name and email.
To be compliant with GDPR you should have the participant's consent for any marketing activities you are going to use this data for.
Viral Loops allows you to add opt-in options in the campaign widgets so that participants can give their consent when they join the campaign.
The marketing-consents block can be added at the bottom of the Form Widget, Viral Loops Popup and In-app Referral widget at the participation state, before the participant joins the campaign.
It consists of a description text, the marketing consent options, and some complementary legal text.
To set up these options go to your Settings from the Profile drop-down at the top right of your screen.
To start capturing consent go to your Campaign Wizard and edit the relevant widget (Form Widget, Viral Loops Popup and In-app Referral Widget) to enable the GDPR fields.
The widget will display the description, consent options and legal texts you set-up earlier.
When participants are joining the campaign, their choices will be getting logged so that you know what each participant has opted-in to.
The marketing consent choices of your campaign participants are available in the CSV export of your campaign and you will also be able to see them in your Campaign Dashboard and MailChimp and Mailjet integrations around the beginning of June 2018.
Here’s a condensed version of our GDPR Roadmap and where we are on our journey:
- Research how the GDPR impacts our product and business, and implement the required changes to our internal processes required to achieve and maintain compliance with the regulation - COMPLETE
- Rewrite our Data Protection Agreement - COMPLETE
- Perform the necessary changes/improvements to our product based on the requirements:
- Giving control to our users over the marketing activities they opt-in - COMPLETE
- New GDPR fields to capture consent from campaign participants - COMPLETE
- Consent options provided by campaign participants available in the participant list export - COMPLETE
- Deletion: A user has the right to request that we delete all of their personal data. Users who wish to inquire about the right to be forgotten will be able to reach out to us at any time.- COMPLETE
- Access / Portability: A user can request access to a copy of the personal data that we have collected. Users who wish to request portability can reach out to us at any time.- COMPLETE
- Consent options provided by campaign participants visible in the Campaign Dashboard - IN PROGRESS
- Add a cookie notice to all marketing pages and blogs in order to comply with the E-Privacy Directive.- IN PROGRESS
- Finalize and communicate our full compliance (this is what this blog post is about) - COMPLETE
Note that we are in constant motion in order to improve our existing features, or provide new solutions that will help you to run GDPR compliant campaigns in an easier manner.
What do Viral Loops Customers need to do?
There are two things that you might need to do depending on your situation. Below are the only impactful changes that we can foresee that might affect you as a result of using Viral Loops:
We recommend you make sure your policies are up to date and clear to your readers.
- If you need to get marketing permissions from your campaign participants, enable and set the marketing consent options you want to ask them when they join your campaign.
If a participant requests to be removed from your campaign you can delete them from your Campaign Dashboard. Participant data requests can be forwarded to Viral Loops for processing.
- If you are in the European Union you might want to sign a Data Processing Agreement with Viral Loops. We’re happy to do so upon request at firstname.lastname@example.org
We will countersign it and provide you with a fully executed downloadable copy via email within a few business days. If you have any questions about its contents simply email us at email@example.com
Keep being awesome 😎