The EU’s General Data Protection Regulation (GDPR) goes into effect in just a few short weeks – May 25, 2018. GDPR applies to any business that collects any personal information about individuals. Personally identifiable data includes anything from which identity can be derived, such as an IP address.
In other words, it applies to pretty much any business, collecting pretty much any data, pretty much anywhere. And because GDPR specifically states that it will be enforced against any organization – anywhere – organizations in the U.S. and other non-EU countries still need to comply with it, or risk being hit with, among other things, massive fines.
Because here’s the thing – you really have no way of knowing whether someone with whom you are interacting online is actually in the EU or not. Sure, you can do IP address geolocation, but not only is that not always 100% accurate, but it can be (and often is) spoofed. Or, you could only collect personal data from people who come into your store, in person. But even then, there is no real way of knowing if, for example, the email address they are giving you is theirs and only theirs, or actually the email address of someone sitting in – you guessed it – the EU.
We have the full information about how and why to comply with GDPR if you are a U.S.-based company over on our primary corporate site, under resources. We don’t want to duplicate content, but we wanted you to be able to find this information, so for the full article please go to https://www.isipp.com/resources/how-email-marketing-must-comply-with-the-eu-general-data-protection-regulation-gdpr/.