Data Privacy FIRST
Solutions for Compliance with GDPR, CASL and other Data Privacy & Anti-Spam Regulations
Global data privacy and anti-spam regulations are changing the way firms communicate with their contacts. Any company that collects contact data from Clients and prospects in Canada or Europe may be impacted by new data privacy laws, and more countries are considering similar laws. Canadian Anti-Spam Legislation (CASL) in Canada and the impending General Data Protection Regulations (GDPR) in Europe may impose substantial fines on companies for violations.
CASL became effective July 1, 2017.
Companies doing business with or contacting Canadian contacts, that haven’t yet acted to obtain implied or express consent from those contacts, may be at risk. Companies must also keep detailed records of consent. Under CASL, implied consent must be renewed every two years or converted to express consent. Violations of CASL can result in significant fines. The first company found in violation of CASL was fined $1.1 million dollars!
GDPR becomes effective May 25, 2018.
Companies doing business with or contacting EU contacts must have a process in place to gain express consent to collect and store information on those contacts, as well as send communications. They must also have an adequately secure data storage methodology for maintaining their contacts’ information and consent data. GDPR applies to all personal data collected by companies, not just contact information. Companies must keep detailed records of consent or be subject to enforcement.
What You Must Do to Comply with the New Regulations
First, identify contacts residing in the EU or Canada. Next, decide how to collect and store express consent data for those contacts. Then set your processes for continually updating the consent information. Finally, ensure that your company’s systems are secure and implement processes for the properhandling of personal data.
Our Data Privacy First! program can help you create a plan for compliance, including:
- Auditing current data and data storage
- Methods for collecting and storing consent information
- Crafting consent emails and subscription forms
- Creating automated processes to ensure compliance and minimize impact on employees’ time