Drip and the General Data Protection Regulation (GDPR): Are You Ready?

Drip and GDPR compliance blog post cover image

The GDPR is coming, but Drip is here to help you out.

As the amount of data in the world increases, so does our ability to build customer relationships with relevant, personalized interactions. As dreamy as this sounds for your marketing brains, it’s also a virtual nightmare when it comes to protecting all of this information.

Your customers count on you to keep their info locked up tight, but especially crafty hackers have been getting even craftier in years past. Major privacy breaches are more common than ever before, and it’s become evident that data protection practices and laws from the dawn of the internet just don’t cut the mustard anymore.

This surge in personal information stored online in combination with the sophistication at which hackers are working could spell disaster if stricter laws aren’t put in place.

All of this lurking trouble and compromised privacy is what pushed the European Union to take some big steps and create the General Data Protection Regulation (GDPR). It’s a complex policy with a simple premise: Give users control over their data while protecting it better.

In today’s world, though, this is much easier said than done. We realize this is a shift for many, but we’re here to help you through this transition. Check out what we’ve done in Drip so at least your marketing automation is one less compliance issue you have to think about.

Does the GDPR Apply to You?

Maybe this is your first time even hearing about the GDPR. Or maybe you’ve heard about it before, but you’ve been blissfully sweeping it under the rug for months. Either way, the first step to take is to find out if the impending GDPR is even something that applies to you and your online business.

If any of the following are true, the GDPR applies to you:

  • You conduct business in the EU

  • You offer products and/or services to EU residents

  • You monitor the behavior of EU residents

  • You handle the personal data of an EU resident

To put it plainly, if you have any people on your list or in your database who are EU citizens, the GDPR applies to you.

What better time to start considering a plan of action to make sure your business is compliant than right now?

The GDPR Applies to You. Now What?

We have good news and bad news.

The good news: Drip will be GDPR-compliant when the regulation goes into effect on May 25, 2018.

The bad news: Drip’s compliance is only a small percentage of what you need to consider to be compliant yourself.

The GDPR threatens sky-high fines of 10+ million Euro for non-compliance, and while the probabilities of an audit may be low, the sooner you have your ducks in a row, the safer you (and your customers) will feel.

So, you have a choice to make.

For some businesses, the cost of becoming GDPR-compliant is higher than not doing business with EU citizens to begin with, especially if you’re not purposefully courting them in the first place.

If that’s true, Drip offers a couple options for keeping EU citizens off of your email list. Now live inside of Drip, you can filter people by time zone with one rule. 

Bear in mind, however, that the GDPR sets a precedent that other countries may soon follow. For those who choose the path of compliance, there are a few things we recommend jotting down on your to-do list:

1. Learn more about the GDPR

No matter what stage of business you’re in, you’re constantly learning about new ideas, processes, tools, and more. This new stage of privacy protection is no different—it’s just another evolution of business that needs to be learned.

We recommend that you educate yourself on the GDPR’s requirements as efficiently as possible. Here are a couple of the better resources that don’t skimp on the important details:

2. Talk to your buddies in the legal field

The second thing we recommend (especially if the article above has your head reeling) is to engage legal counsel as soon as possible.

There is no hard-and-fast checklist to run through when it comes to GDPR compliance, as the requirements for each business vary widely. So it’s best to pick the brains of someone who understands this law inside and out so you can decide what’s best for your specific industry.

3. Don’t wait

Remember those ducks in a row we were talking about earlier? We weren’t kidding.

The GDPR is a complex regulation, and determining what you need to do to be compliant takes time. Instead of scrambling in the few days before the deadline hits (or, worse yet, ignoring this whole thing completely and getting hit with a fine), start preparing now so it’s just business as usual on May 25.

GDPR Compliance Made Easier with Drip

As the GDPR deadline approaches, we’ll be in touch with more details on Drip’s compliance, including information on how to execute our Data Protection Agreement.

The GDPR—and the predicted trend to follow—will be a boon to ecommerce security and will ease the minds of online shoppers everywhere.

Complying with the GDPR seems like a daunting challenge, and we’ll help wherever we can. But remember, this is all to make the internet a better and safer place for you and your customers. And who doesn’t like that?

GDPR Update: Since this post was first published, we've launched several features to help you on your GDPR-compliance journey. You can do things like add checkboxes to opt-in forms, craft consent copy that will show up wherever you need it to, send double-opt-in confirmation emails, and more.

Check out our comprehensive Knowledge Base article about the GDPR-friendly tools you can find inside of Drip right now.

Drip's updated GDPR features