Consent to Personal Data Collecting and Processing
a small piece of data that is sent by a web server and stored on the user's computer. For example, cookies can store the preferred language or user behavior on the site.
However, you can’t use even voluntarily provided information without user consent. Let’s figure out how and why to collect and use personal data so that the client doesn’t have any complaints.
Why Get Consent
Personal data is any information about a user, received from various sources: registration in a personal account, a callback form, a subscription form, etc. This, for example, can be:
- date of birth;
- phone number;
- social media profiles;
In Europe, the GDPR – General Data Protection Regulation – has been working for a long time. These are the rules governing the use and protection of the EU citizens' personal data. In particular, they relate to the transfer, processing and storage of personal data. Fines for violation of the GDPR are substantial: they can reach up to 20 million euros or 4% of the company's annual income. To avoid being fined in Europe, data must be correctly collected, used and stored.
The main US spam law is the CAN-SPAM Act. The fines provided for violating it can amount to more than $43,000.
In general, we can say that the American anti-spam laws are less stringent than the European ones. In fact, they allow sending to any contact. The main thing is to unsubscribe the addresses in time if they want to.
But remember that some states have local legal acts. For example, California Consumer Privacy Act (CCPA) in California. Under this law, California residents have the right to:
- know what personal information is collected and how it is used;
- delete personal data;
- receive goods and services, regardless of providing consent to the collection and use of their data.
The maximum civil penalty for the CCPA regulations violation is $2,500.
In Brazil, the General Data Protection Act (LGPD) almost completely repeats the main GDPR rules.
The law strictly regulates the rules for the collection, processing and storage of personal data on the territory of Brazil. Thus, it protects not only Brazilian citizens' personal data but also everyone whose data was processed while they were in Brazil.
The LGPD rules apply to anyone who collects, stores, or processes personal data in Brazil regardless of the nationality and location of the data processor. Fines for violation of the LGPD will be up to $13 million or 2% of the offending company's annual income.
I want to send campaigns safely
How to Collect Data
The multitude of laws and fines can confuse: so how to collect and process data correctly? Let's figure it out.
First of all, remember the following points.
Safe Data Storage
You also need to provide the users with secure storage of all information that concerns them. Here you can no longer do without technical specialists. They will help you set up data management following the law.
DOI is a must-have item for those who are running email marketing. When you've completed all the above steps, legally collected data about users and want to start communication with them via email, you shouldn't rush. By the laws above, you need to obtain consent from customers to receive newsletters. Double Opt-In will come to the rescue. A confirmation email is a required message before starting a conversation. It contains a button that confirms the subscription and makes it possible to include a person on the mailing list.
User data is essential for every marketer. But you need to collect and handle it with extreme care. After all, in addition to fines and criminal liability, the reputation of your company is at stake. If you have questions regarding the legal side, we advise you to contact a good lawyer. Well, if you have questions about email marketing, our team is always happy to help.