How consent is given on web pages
If your website or online shop collects personal data through forms, you need the express consent of the users.
This data is usually requested through a contact, a subscription or a request for a quote.
Inform your customers before collecting their data
When requesting your customer's personal data, you must inform him/her of the following points in a clear and legible manner:
- Contact details of the person in charge (your details)
- Identification details of the data protection officer if you have one (see next point).
- Why are you asking for this data and for what purpose are you going to use it?
- Who will have access to these data?
- Whether or not you are going to transfer them to other countries
- Period during which they are to be kept
- Rights to which you are entitled
- The obligation or not to transfer the data. Consequences of not doing so.
Can I send marketing campaigns to my customers without their consent?
It is only permitted to send advertising or commercial messages by e-mail to those users who have expressly authorised it and to those with whom there is a prior contractual relationship.
The Data Protection Officer
The GDPR introduces the figure of the Data Protection Officer (DPO) The DPO is the person in charge of supervising compliance with data protection regulations and advising on any issue related to the matter. In the event of an inspection, he would also be responsible for taking the relevant decisions. The regulation establishes the need for a Data Protection Officer in three specific cases:
- If it is a public authority or body
- If the core business involves profiling customer and user behaviour
- In case of processing special categories of data (health, convictions, criminal offences, etc.)
Consequences of non-compliance with the GDPR
Failure to comply with the GDPR exposes us to a penalty for non-compliance that can reach 20 million euros or 4% of the company's gross annual turnover. In addition, we will have to face the reputational problem of being associated with illegal activities. It is better not to take any risks but to transform our company in accordance with the law as soon as possible.
Does the GDPR affect information obtained through social media?
Yes. All that data obtained through Social Networks falls within the regulation. Your Social Media followers are just that, followers, but they have not consented to you sending them information and therefore you should not add them to your subscriber lists. In case of a promotion or contest on social media, you must request the consent of the participants to contact them.
|Tips for a successful transition to the GDPR model
|Regularise your relationship with your partners and allies. Verify that they comply with the GDPR.
|Debug your database. Delete contacts from whom you cannot obtain explicit consent.
|Optimise your lead generation forms. Engaging and well-designed content is key to generating interactions.
|Revalidate the consent of your old subscribers by sending them an e-mail campaign.
|Thin your database. Collect only the strategic information you need for your business.
|Optimise your site's security to avoid reputation issues
Easymailing provides you with reports to verify the consent of your subscribers.
When you export an Excel file with Easymailing, a report is generated showing the date on which each user has given you their permission and their IP. This report is a great reassurance for possible inspections by the Data Protection Agency.
Do you want more information?
If you have any queries or complaints, please contact the Spanish Data Protection Agency.