Marketing without personal data is a thing of the past. Now, to impress customers and sell them products or services, you need to know as much about them as possible. By “as much as possible” we mean absolutely everything: what users share themselves and what is collected automatically. Everything seems fine. Typically, users provide personal data themselves, for example, when registering on the site or agreeing to the use of cookies.
Cookies are small pieces of data that are sent by a web server and stored on the user's computer. For example, cookies can store the preferred language or user behavior on the site.
However, you can’t use even voluntarily provided information without user consent. Let’s figure out how and why to collect and use personal data so that the client doesn’t have any complaints.
Why Get Consent
Personal data is any information about a user, received from various sources: registration in a personal account, a callback form, a subscription form, etc. This, for example, can be:
- name;
- date of birth;
- address;
- phone number;
- email;
- social media profiles;
- preferences.
In Europe, the GDPR (General Data Protection Regulation) has been in force for a long time. These are the rules governing the use and protection of EU citizens' personal data. In particular, they relate to the transfer, processing and storage of personal data. Fines for violation of the GDPR are substantial: they can reach up to 20 million euros or 4% of the company's annual income. To avoid being fined in Europe, data must be correctly collected, used and stored.
The main US spam law is the CAN-SPAM Act. The fines provided for violating it can amount to more than $43,000.
In general, we can say that the American anti-spam laws are less stringent than the European ones. In fact, they allow sending to any contact. The main thing is to unsubscribe addresses promptly when their owners ask for it.
But remember that some states have local legal acts. For example, the California Consumer Privacy Act (CCPA) in California. Under this law, California residents have the right to:
- know what personal information is collected and how it is used;
- delete personal data;
- unsubscribe;
- receive goods and services, regardless of providing consent to the collection and use of their data.
The maximum civil penalty for violating the CCPA regulations is $2,500.
In Brazil, the General Data Protection Act (LGPD) almost completely repeats the main GDPR rules.
The law strictly regulates the rules for the collection, processing and storage of personal data on the territory of Brazil. Thus, it protects not only Brazilian citizens' personal data but also everyone whose data was processed while they were in Brazil.
Important!
The LGPD rules apply to anyone who collects, stores, or processes personal data in Brazil regardless of the nationality and location of the data processor. Fines for violation of the LGPD will be up to $13 million or 2% of the offending company's annual income.
How to Collect Data
The multitude of laws and fines can be confusing: so how do you collect and process data correctly? Let's figure it out.
First of all, remember the following points.
Privacy Policy
Almost every site contains a link to its privacy policy in the footer. If your site doesn't, add one urgently. The policy protects you from fines and unwanted blocking since it provides information on why you collect data, how you store it and where you will use it. It usually states what kind of information is being collected and for what purpose. It's better to entrust drafting the policy to a professional lawyer who is well-versed in the law and will help you prepare the document correctly.
In our Privacy Policy, you can find all the information: what data we collect, when and how we use it, how the data is protected, how it can be deleted, etc. This document also includes consent to the collection of personal data.
Cookie Notice
Cookies can contain any data about the user, even passwords or payment card information. They are most commonly used for advertising, marketing and sales. The user, of course, can refuse them, but disabling cookies may cause problems with the browsing experience. You need to notify users about how you will use cookies and what rights users have.
When visiting the site, the user should see a notification that the site uses cookies. It’s better to give the user a choice: a button to confirm and a button to manage settings.
Checkboxes
Every form on the site must include a consent checkbox that is empty by default. If it’s pre-ticked, you may receive a fine. By ticking the box, users consent to the processing of their data and confirm that they’ve read the privacy policy. The text next to the checkbox should contain a link to the policy.
Safe Data Storage
You also need to provide users with secure storage of all information that concerns them. Here you can no longer do without technical specialists. They will help you set up data management in compliance with the law.
Double Opt-In
Double Opt-In (DOI) is a must-have for anyone running email marketing. Once you've completed all the steps above and legally collected data about users, don't rush to start communicating with them via email. Under the laws above, you need to obtain consent from customers to receive newsletters. Double Opt-In will come to the rescue. A confirmation email is a required message before starting a conversation. It contains a button that confirms the subscription and makes it possible to include the person on the mailing list.
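The consent checkbox rule and the Double Opt-In flow described above, sketched server-side as an added example (not code from this page or from any mailing product). The signing key, the 48-hour link lifetime, the in-memory tables and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)   # assumption: per-deployment signing key
TOKEN_TTL = 48 * 3600              # assumption: link stays valid for 48 hours
pending, subscribers = {}, {}      # stand-ins for database tables


def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()


def start_subscription(email, consent_checked, now=None):
    """Form submit: returns the token to embed in the confirmation button."""
    if consent_checked is not True:        # the user must have ticked the box
        raise ValueError("consent checkbox not ticked")
    now = int(time.time() if now is None else now)
    email = email.strip().lower()
    payload = f"{email}|{now + TOKEN_TTL}".encode()
    pending[email] = {"consent_at": now}   # keep evidence of when consent was given
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def confirm_subscription(token, now=None):
    """Button click: returns the confirmed email, or None if the link is invalid."""
    now = int(time.time() if now is None else now)
    try:
        b64, sig = token.split(".")
        payload = base64.urlsafe_b64decode(b64)
    except ValueError:                     # malformed token or bad base64
        return None
    # Constant-time check first: nothing in the payload is trusted before this.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    email, expires = payload.decode().rsplit("|", 1)
    if now > int(expires) or email not in pending:   # expired or already used
        return None
    record = pending.pop(email)            # single use: a replayed link fails
    subscribers[email] = {**record, "confirmed_at": now}
    return email
```

Only addresses present in `subscribers` belong on the mailing list; an address that never confirms stays in `pending` and receives no campaigns.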
Conclusion
User data is essential for every marketer. But you need to collect and handle it with extreme care. After all, in addition to fines and criminal liability, the reputation of your company is at stake. If you have questions regarding the legal side, we advise you to contact a good lawyer. And if you have questions about email marketing, our team is always happy to help.