General Data Protection Regulation (GDPR)

General Data Protection Regulation

In the recent past, personal data has been misused by various companies and social media sites, the Facebook privacy scandal being the best-known example. Personal information such as email addresses, phone numbers and residential addresses is sold for marketing purposes, and consumer rights are violated whenever such information leaks out.

Websites use cookies to collect user information

Websites usually use cookies to collect user data: they track customer behaviour as well as the information the user types in. In general, this information is gathered to show the user more relevant content. For example, when you browse products on Amazon, the site records your browsing pattern and shows you related products. Beyond the sites that track you directly, you are also watched by search engines. A user is effectively always under observation: every form entry and interaction is recorded.

Why is browsing data being tracked?

Search engines use users' location data to return more accurate results. A search made on one social media site is reused by the other sites linked to it, which then serve related recommendations. Ads related to items on a user's wish list appear while the user is browsing for something else. This has become commonplace. Although such suggestions, recommendations and ads make life a little easier and show how far web browsing has come, they have a downside: some companies use the data without permission from the people it belongs to.

The protection of personal data is a fundamental right in the EU, and many companies were violating it. The European Union took the issue seriously and passed a regulation to protect the personal data of individuals in the EU when it is collected by websites and other organisations. This regulation is the General Data Protection Regulation (GDPR).

What is GDPR?

The General Data Protection Regulation (Regulation (EU) 2016/679) was adopted by the European Union in April 2016 and has applied since May 25, 2018. It protects the personal data and privacy of individuals located in the EU and the European Economic Area (EEA), regardless of their citizenship. It also covers transfers of that data out of the EU and EEA: a controller may only export personal data to a third country under conditions the regulation sets out, and organisations established outside the EU fall under it when they offer goods or services to, or monitor the behaviour of, people in the EU.

Since January 2012, when the European Commission proposed its data protection reform package, the EU has been trying to make Europe "fit for the digital era". The GDPR is one of the critical components of these reforms. The regulation was adopted in April 2016 and became applicable in the last week of May 2018. Because it is a regulation and not a directive, it is directly applicable in every member state and did not require national governments to pass enabling legislation. It replaced the Data Protection Directive (95/46/EC) of 1995, which was written before online business took off and did not address how data is now collected, stored and transferred.

How does GDPR solve the problem?

Under this regulation, personal data cannot be collected through cookies or similar trackers without a lawful basis, which for tracking cookies in practice means the user's consent (cookie consent itself is governed by the ePrivacy Directive, but GDPR defines what valid consent is: freely given, specific, informed and unambiguous). If the website is going to monitor or store the user's data, it has to tell the user what will happen to the information being entered and for how long it will be retained. The user can also request erasure of the data the company holds, and the company must comply unless one of the limited exceptions in the regulation (for example a legal obligation to retain the data) applies.

How does GDPR affect Email Marketing?

Email marketing has been big business since the start of the email era. Almost everyone with an email address receives several messages a day announcing the latest deals and trends. But everything has a limit, and email marketing exceeded it: many of our inboxes hold 1000+ unread emails, and no amount of moving them to the spam folder brought it under control. GDPR offers a possible solution.

Many websites ask visitors to enter their email address so that promotional emails can be sent to them. Under GDPR there must be a clear opt-in, and an opt-out that lets the consumer remove themselves from the subscription list at any time. The data that is stored about the consumer must be available to them on request and its use must be transparent. At the consumer's request, all stored data must be erased. Another important point for email campaigners is that pre-checked opt-in boxes do not count as consent: the consumer must actively tick the box.

Strictly, all of this applies only to people in the EU, but many companies have applied the same rules to all their users since GDPR came into effect. Around May 2018, subscribers were sent re-consent emails asking them to confirm their subscription, a precautionary measure so that senders could be sure every address on their list had given valid consent. In this way GDPR has brought some control over email marketing.

Guidelines for personal data usage according to GDPR

  1. The personal data of the user cannot be processed unless there is a lawful basis for it (consent, a contract, a legal obligation, vital interests, a public task or legitimate interests).
  2. The consumer must be able to access the data being processed and, if required, can demand to know how and why it is processed and with whom it is shared.
  3. Data protection must be built in by design and by default: the controller must apply privacy-protective settings out of the box, make sure the processing follows the regulation, and not process more data than necessary for the purpose.
  4. The consumer has the right to have the data held by the controller erased, subject to the exceptions set out in the regulation.
  5. At the time data is collected, the controller must tell the consumer what is being collected, the legal basis for collecting it, the purpose, and how long it will be retained. Where the organisation has a data protection officer, that officer's contact details must also be provided.
  6. The regulation encourages pseudonymisation as a safeguard: personal data is processed so that it can no longer be attributed to a specific person without additional information (for example a secret key) that is kept separately and protected.
  7. A data breach must be reported to the supervisory authority, where feasible within 72 hours of the controller becoming aware of it, and the affected consumers must be notified when the breach is likely to result in a high risk to them.
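Point 6 above is the one item in the list that is a technique rather than a rule, and it is easy to get wrong. A plain, unkeyed hash of an email address is not pseudonymisation in the GDPR sense, because anyone with a list of plausible addresses can hash them and match the tokens. The example below (added here; it is not code from the original article) pseudonymises direct identifiers with an HMAC under a secret key that stands in for the "additional information kept separately" the regulation describes. The records, the candidate list and the key are all constructed for this example; in a real system the key would live in a KMS or HSM, and the data store would never see it. The dictionary-attack function shows why the keyed version matters.

```python
"""Pseudonymisation of direct identifiers with a keyed hash (HMAC-SHA256).

Added example, not part of the original article. Assumptions (hypothetical):
- SECRET_KEY stands in for a key held in a separate system (KMS/HSM); it is
  generated here only so the script runs offline.
- SAMPLE_RECORDS and CANDIDATE_EMAILS are constructed sample data.
"""
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Iterable, List, Optional

# Fields that identify a person directly and must not appear in an analytics copy.
DIRECT_IDENTIFIERS = ("email", "phone")

# Constructed for the example. In production this key is the "additional
# information" of GDPR Art. 4(5): stored separately from the pseudonymised data.
SECRET_KEY = secrets.token_bytes(32)

# Constructed sample data. Records 0 and 1 are the same person with different casing.
SAMPLE_RECORDS: List[Dict[str, Optional[str]]] = [
    {"email": "Alice@Example.com", "phone": "+44 20 7946 0000", "country": "GB", "plan": "pro"},
    {"email": "alice@example.com", "phone": "+44 20 7946 0000", "country": "GB", "plan": "pro"},
    {"email": "bob@example.org", "phone": None, "country": "DE", "plan": "free"},
]

# A list an attacker might already hold (a leaked mailing list, for instance).
CANDIDATE_EMAILS = ["carol@example.net", "alice@example.com", "bob@example.org"]


def _canonical(value: str) -> bytes:
    """Normalise so 'Alice@Example.com' and 'alice@example.com' map to one token."""
    return value.strip().lower().encode("utf-8")


def pseudonymise_value(value: str, key: bytes, field: str) -> str:
    """Keyed hash of one identifier. The field name is mixed in so that an email
    and a phone number with the same text could never collide."""
    msg = field.encode("utf-8") + b"\x00" + _canonical(value)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def pseudonymise_record(record: Dict[str, Optional[str]], key: bytes) -> Dict[str, Optional[str]]:
    """Replace every direct identifier in a record; leave other fields untouched."""
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        if out.get(field) is not None:
            out[field] = pseudonymise_value(out[field], key, field)
    return out


def pseudonymise_dataset(records: Iterable[Dict[str, Optional[str]]], key: bytes) -> List[Dict[str, Optional[str]]]:
    return [pseudonymise_record(r, key) for r in records]


def lookup_token(email: str, key: bytes) -> str:
    """Used by the controller (who holds the key) to find a person's rows when
    handling an access or erasure request. Without the key this is impossible."""
    return pseudonymise_value(email, key, "email")


def unkeyed_hash(value: str) -> str:
    """What NOT to do: an unkeyed hash of a low-entropy identifier."""
    return hashlib.sha256(_canonical(value)).hexdigest()


def dictionary_attack(token: str, candidates: Iterable[str], hash_fn: Callable[[str], str]) -> Optional[str]:
    """Re-identify a token by hashing each candidate with the attacker's best guess
    of the scheme. Succeeds against unkeyed hashes, fails without the HMAC key."""
    for candidate in candidates:
        if hmac.compare_digest(hash_fn(candidate), token):
            return candidate
    return None


if __name__ == "__main__":
    data = pseudonymise_dataset(SAMPLE_RECORDS, SECRET_KEY)
    for row in data:
        print(row)
    weak = unkeyed_hash("alice@example.com")
    print("unkeyed token recovered as:", dictionary_attack(weak, CANDIDATE_EMAILS, unkeyed_hash))
    strong = lookup_token("alice@example.com", SECRET_KEY)
    print("keyed token recovered as:", dictionary_attack(strong, CANDIDATE_EMAILS, unkeyed_hash))
```

Two properties follow from the design. First, analytics can still join a person's rows (records 0 and 1 get the same token) without ever seeing the email address, which is the point of pseudonymisation. Second, erasure and key management interact: deleting or rotating SECRET_KEY makes every existing token unlinkable to a person, which is a practical way to honour an erasure request across backups that cannot be edited row by row, provided the key really was stored separately.
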

GDPR penalties for Non-compliance

GDPR penalties are severe. Organisations that violate the regulation face hefty fines, set at two levels according to the seriousness of the infringement. The lower tier allows fines of up to €10 million or 2% of the company's total worldwide annual turnover for the preceding financial year, whichever is higher. The most serious violations, such as breaching the basic principles for processing, the conditions for consent or data subjects' rights, can be fined up to €20 million or 4% of worldwide annual turnover, whichever is higher.



  1. Good article! We are linking to this particularly great article on our site. Keep up the great writing. Sidonia Riobard Oliver
