The European Union recently passed a new piece of legislation aimed at protecting the privacy of their citizens online. This new set of regulations will have far reaching effects and consequences that could affect companies extending beyond the borders of the EU. Let’s take a closer look at the new set of legislation and what it means for American businesses dealing with EU residents.

What is the GDPR Exactly?

GDPR is short for General Data Protection Regulation. Its sole purpose is to do exactly that – protect data privacy. The policy was struck into law in May of this year and is one of the most radical pieces of legislation of its genre to ever be enacted.

The main goal of the GDPR is to target businesses who use their customers’ data for ulterior motives. It allows users to have more control on how companies can collect their data and how it is handled. Under the legislation, the information shared between users and websites remains the property of the user, while it used to be considered the property of the company collecting the data. Businesses now have to be able to show that they’re doing everything in their power to make sure that their customers’ information remains secure. They also have to give clients the option of having all of their personal information erased at any given time.

What is the Real Impact of the GDPR on Online Businesses?

The GDPR couldn’t have come at a better moment for customers, but a worse time for advertisers. We are at a time where advance metrics, segmentation and personal data is used more than ever. User data is used to personalize ads, campaigns and lead segments. This is why the GDPR has such an impact on the whole industry, since the legislation affects not only EU businesses, but any business that collects information from EU customers.

The sanctions for those who fail to comply are very serious too. Any company that isn’t compliant with the new set of rules could face severe penalties and hefty fines.

How Does it Affect American Businesses Exactly?

Whether you’re an airline, technology company, or a hotel, any company that tracks and stores online data from EU citizen customers has to abide by these new rules. If you don’t, you could run the risk of facing fines up to €20 million in total, or 4 percent of your company’s total revenue worldwide.

Many US companies, however, are already doing everything they can to be compliant. According to a recent study conducted by PWC, over 70% of executives working for companies with more than 500 employees stated that they would be investing more than 1 million just on compliance stipulations alone. On the flipside, however, a lot of American businesses were still largely unaware about the legislation and don’t even know that they have to comply. Many still aren’t compliant as a result, and may not know the type of sanctions they could be facing.

What Do Business Owners Need to Do?

While the GDPR will be affecting pretty much any sector that deals with personal information online, some sectors will be affected more than others. Those who use or rely mainly on email marketing, for instance, will have to make sure that they handle their subscribers’ information correctly, whether they have a regular newsletter or even if they intend to do something as seemingly benign as sending a birthday email.

The most important thing at first is to make sure that you have explicit consent from the user to collect their information in the first place. Pre-ticked boxes won’t do it; you’ll have to provide a clear opt in box so that they can actively show consent. Consent requests can’t be buried somewhere in other terms and conditions either; for your user to give clear consent, both forms have to be clearly separated.

As easily as they can sign up, your subscribers should be able to sign out as well, and this should already be part of your code of conduct, since there is already US and Canadian legislation that requires email marketers to offer a way for users to unsubscribe from any mailing list they’re subscribed to easily. If you’re worried about this part, you should make sure that you go with a reputable email autoresponder service. They will usually have everything set up to make sure that you remain compliant, from the opt-in form all the way to unsubscribe links.

The GDPR will have far reaching effects on how people conduct business online and how data is used. Make sure that you know everything there is to know about this piece of legislation to make sure that you remain compliant at all times.