How the CCPA compares to the GDPR: 10 things you need to know

1. Why is the CCPA important?

While the GDPR applied a unified privacy law across Europe, the USA has no comparable federal law. There have been ripples of state-led laws granting similar rights to the CCPA – more on which below – but the CCPA is the first major privacy legislation in the USA, given its scope in introducing rules on how data about Californian residents is handled.

It is important for two reasons: its application is a major step given the absence of privacy laws before it, and it is paving the way for discussions at a federal level to introduce uniform legislation across the USA.

2. Who has to comply?

The CCPA applies to any business operating for profit that collects and/or controls California residents’ personal data and meets one of the three criteria below:

1. Have annual gross revenues in excess of US$25 million; or

2. Receive or disclose the personal information of 50,000 or more California residents, households, or devices on an annual basis; or

3. Get 50% or more of their annual revenues from selling California residents’ personal information.

The big difference compared to the GDPR is that the GDPR applies to any business (without being limited by CCPA-esque criteria) that determines the means and purposes of processing personal data about EU citizens.

3. Scope

Rights under the CCPA are provided to “consumers”, meaning natural persons who are California residents (i.e. not someone in California for a temporary or transitionary purpose).

The concepts of processing are broadly similar, captured under the CCPA as “collecting or selling” personal data. However, where the GDPR applies to all processing of data, the CCPA is principally focussed on the sharing or selling of information.  There are also a number of elements that sit outside of the definition of what personal data is, including publicly available information.

4. Legal basis for processing

The GDPR introduced legal bases for processing personal data, to which businesses had to align their processing of data. These included consent and legitimate interest.

The CCPA does not introduce the concept of legal grounds for processing personal information.

5. Rights for individuals

What the CCPA does introduce is a number of rights for Californian residents. These overlap the GDPR in most respects, including the right to:

  • erasure / deletion, free of charge (with exceptions);
  • be informed (i.e. the individual must be provided with details of what personal data is collected & why);
  • access (i.e. a process allowing individuals to have full visibility of the data an organisation holds about them);
  • data portability (i.e. when data is requested under an access request that this is provided in an easy-to-read and portable format); and
  • object / opt-out (though there are some notable distinctions here – see below).

Deadlines to respond to consumers exercising their rights are slightly different – the GDPR specifies a response to be sent within a month, where the CCPA specifies a 45-day period. Both may be extended provided the individual is told within the initial timeframe.

One distinction the CCPA provides explicitly (although it can be argued that this is implied in the GDPR) is that individuals must not be discriminated against for exercising their rights.

6. Opting out & not selling data

The CCPA introduces a significant and distinctive requirement that is not mirrored under the GDPR.

The CCPA requires that a link with the title “Do Not Sell My Personal Information” is provided on the homepage of any business that sells personal data. Importantly, Californian residents can only opt-out of the sale of personal data, and not the collection or other uses that do not fall under the definition of “selling.”

By contrast, individuals can object to any type of processing of personal data under the GDPR. This can be done by withdrawing consent, or by objecting to processing that is based on another legal basis.

The right under the CCPA is absolute, whereas under the GDPR a business has the opportunity to demonstrate “compelling legitimate grounds” for the processing that overrides the rights of the individual.

7. Compliance

In the same way the GDPR meant a swathe of changes to every online privacy policy, the CCPA similarly requires organizations to make changes.

As well as informing Californian consumers of their rights, at least two methods of contact must be made available for them to make requests in exercising their rights. Obviously, organizations must put mechanisms in place to ensure that any such requests are dealt with.

8. Enforcement

Much was made of the eye-watering penalties that the GDPR introduced of up to the higher of €20m or 4% of worldwide turnover. The CCPA provides for penalties to be issued up to $2,500 per violation or $7,500 per intentional violation, without a maximum amount for several penalties for each violation. Enforcement powers are granted to the Californian Attorney General.

Individuals can also bring actions themselves. Where the GDPR allows claims for material and non-material damages for any violation of the GDPR, the CCPA only allows individuals a right of action where non-encrypted / redacted personal information is subject to unauthorized access; or where it has been disclosed as a result of an organization’s failure to meet its security obligations.

9. Security Obligations?

Given the risk to businesses for a failure to meet security requirements, the CCPA is surprisingly vague on what this means. The Attorney General is likely to publish further guidance, but at the present time it is worth noting that a number of security measures have historically been endorsed by the Attorney General that may be a useful point of reference in order to mitigate any risks by incorporating these into a CCPA compliance program.

10. Just the beginning…

The Attorney General is required to adopt regulations on or before July 1, 2020 so there will certainly be future developments and guidance as a result to keep an eye out for.

While the CCPA is not America’s answer to the GDPR, despite certain similarities, it is important to note that there is a real drive to introduce a harmonized privacy law at a federal level. This is some way off though, despite House and Senate hearings and FTC requests, but the CCPA may well be the first step towards this.


Keep watch for our FAQs on the CCPA, which we’ll publish soon.

The information in this document is for general guidance and is not legal advice. If you need more details on your obligations or legal advice about what action to take, please contact your legal advisor or attorney.

The post How the CCPA compares to the GDPR: 10 things you need to know appeared first on dotdigital blog.

Reblogged 4 days ago from blog.dotdigital.com

4 things you didn’t know product recommendations could do for you

This is the final of a three-part series on where to focus your efforts after a surge in sales from new customers.

See parts one and two here.

Last week, as part of our series on actions to take following a surge in sales, we teased you with a great way of retaining new customers — with product recommendations of course! And with a potential increase of 300% in revenue – did you know that according to Forrester 30% of Amazon’s total group revenue is directly attributed to them? – it’s no wonder you’ve clicked through to learn more about what product recommendations can do for you. But beyond the obvious upsides of upselling, with Engagement Cloud, product recommendations go that one step further. 

If you thought product recommendations were just about repeat purchases, you’d be wrong! Just like a good sales person, product recommendations are great when it comes to achieving a higher customer lifetime value and increasing average order value. But, similarly to a good hire, they can also provide an exceptional customer experience, and even help improve things like your stock management or your understanding of customers. 

Here are a few tips and tricks from dotdigital to get product recommendations working for you.

1: Delight your customers by displaying a product they need but didn’t know you had

An online store can be harder to navigate than a physical one, just because you don’t get to see everything at once. That means it’s highly likely your customers have no idea of the full breadth of your wonderful product offering. Make it easy for them. 

Use ‘also bought’ and ‘best next’ product recommendations on your site to point your customer in the right direction. They’ve just bought a computer mouse from you, but they might not know you offer batteries. Or maybe they booked a hotel room – are they aware you have a spa with services on offer? You can use these product recommendations post-purchase as well of course, in emails that upsell a little later than the point of sale. Or perhaps even try a combination of the two. 

For those customers that didn’t quite make a purchase, could it be they didn’t quite find what they were looking for? Use lookalike product recommendations to give the customer some more options, whether it’s handbags or holidays. You can increase open rates and click-throughs by making your abandoned cart copy sound exclusive with a touch of the personal shopper, with phrases such as ‘Selected just for you’. Use personalization fields to up the ante.

2: Show them what’s hot, and what they really want, with trending

The trending product recommendation combines ‘best sellers’ and ‘most viewed’ to give your customers a selection that will make them feel as if they are ahead of the curve. People love to keep up with the Joneses, and there are few industry exceptions. Whether it’s shoes, phones, speakers, cars, or mini-breaks, show your customers what they’re missing out on in your regular marketing sends.

3: Avoid disappointment when an item is out of stock, with lookalikes

Your customer may have had their eye on a product from you for some time but couldn’t quite commit to buy for a number of reasons. Then they go to view the item with the intent of buying this time and discover it’s out of stock. Quickly divert their attention with on-site lookalike product recommendations, reassuring them that just because that one product is sold out, it doesn’t mean there are no other alternatives for them on your site. 

You could also capitalize again here on abandoned cart emails (as well as a bit of fear-of-loss); let the customer know that the item they viewed is now out of stock, but there are others that they’ll no doubt love. 

4: Take them on a new journey, with existing customers leading the way

Both the ‘best next’ and ‘also bought’ product recommendations in Engagement Cloud are customer-led, in that they examine and use real customer data to recommend the products. In fact, ‘best next’ even uses AI to predict missing products in a typical matrix (or customer journey). For instance, if you were buying a new outfit and looking at the shoes, you could recommend that customers also bought a particular belt or that the next best product might be a blazer.

Use this as a selling point for your customers. Frame your product recommendations as your community of loyal customers leading the way for your new customers. Word and design your ‘best next’ and ‘also bought’ product recommendations as if customers were personally recommending items to one another. This not only gives your products an element of social proof, it will also make them feel as if they are part of something bigger when shopping with your brand.



The post 4 things you didn’t know product recommendations could do for you appeared first on dotdigital blog.

Reblogged 1 month ago from blog.dotdigital.com

4 things that will make your email design great

And with your customers more visually literate every day, and their inboxes more crowded, nice email design isn’t just nice to have, it’s essential.

So, what do you need to bear in mind when designing a top-notch email? You should think about:

1. Your brand

Your emails are an extension of your brand. Stick to your company’s color palette and fonts (and be consistent with them!) and include your logo or other brand assets.

2. Placement of text, images, buttons, and white space

People tend to scan images and text in documents and emails in an F-shaped pattern. This means that the top few lines, calls to action, and images will draw the most attention, whereas subscribers will absorb less the further down the page they go, and could drop off completely. Try to avoid placing anything important in the bottom right-hand space of your emails. Strong hero images with clear calls to action are important, as is white space, which will allow your content to breathe and permeate the thought space of your customers.

3. Storytelling

Having a clear narrative isn’t just important for your copy. Fluid design should signpost readers from start to end, and point them to the right place. Just like a story would divert your attention to something significant, so should your email design.

4. Optimizing for mobile

More emails are now opened on phones than on desktops and laptops. It’s more important than ever that your emails aren’t just ‘mobile-friendly’, but designed specifically for mobile, whether that’s in app or on a mobile browser.

Does it seem like a lot to consider? Well we have some good news. At dotdigital, our success is your success. Between us, we have a vested interest in your campaigns being amazing, and we love seeing all the beautiful emails you create and send out to your customers. Sexy-looking emails will always result in better engagement rates. So, with all this in mind, here’s what we came up with recently to make your job that bit easier, and your campaigns even better looking.

New email design templates are here!

And we haven’t just optimized design for the eye, we’ve also optimized further for mobile experiences. Image-led or editorial, there’s a wide selection for you to choose from, depending on your industry type or email purpose. Whether you’re a retailer with a product promotion or a charity with a special event, there’ll be a template for you. Pick the design that most aligns with your brand and message, and get started.

Templates make your life a lot easier, but you still have control

Using an email template doesn’t mean you can’t personalize for your brand. With Engagement Cloud templates, you can use your own logo, color scheme, and web-friendly fonts, and even drag-and-drop blocks in our much-loved Easy Editor. That’s not to mention ramping up your HTML editing expertise, should you want a bolder design. Templates aren’t here to take over your creative impulses. Think of them as an array of skeletons to build your sends up quickly.

Have a look for yourselves!

Whether you work off a template or design emails from scratch, we hope our new templates highlight what’s possible in Engagement Cloud. There are even festive designs as we head into the winter shopping season!

Let us know what you think in your account or sign up for a free trial to see for yourself.

The post 4 things that will make your email design great appeared first on dotdigital blog.

Reblogged 2 months ago from blog.dotdigital.com

Email: 3 things you must do instead of ‘sending to all’

This is one of the most frequent conversations I have with dotdigital customers who want to email their entire recipient base about a change – and usually quickly.

They want help with minimizing risk and troubleshooting the damage. I get it, terms have changed, a new privacy policy has been put in place, or something else has happened that you’re being told has to be communicated to everybody. I’ve been there, I understand your pain and I want to shout: THERE’S A BETTER WAY. Dealing with the damage retroactively is not the only way to handle this situation. 

A word on legalities

Before I get into the whys and hows, please note that this is deliverability advice and is meant to help you get the most from your brand’s digital messaging. You should always check the legalities with your legal team.

Recognize your email KPI

Before making the decision to send an email to your entire file, take a step back and consider the impact it could have.

When building an email program, the goal is to hit the KPI that you are being measured on. Whether that’s revenue, getting attendees to an event, pushing forward a cause, attracting users to your app – there are many intended outcomes from sending an email. Sending to a much larger group than those that will support that KPI puts the program you have dedicated your time to at risk.

The risks of blanket email

Mailbox providers are held to their customers’ wants and needs – people like you and me who have email addresses – and they need to watch the positive and negative indicators closely to make sure the emails being allowed to reach the inbox are from brands that are sending wanted emails. When you send to your entire file, regardless of the status of that recipient, you run the risk of:

  • more complaints (recipients who mark a message as spam, complain to your ESP or complain to the mailbox provider)
  • high unknown users (email addresses that don’t exist)
  • sending to spam traps (email addresses used to identify senders sending with poor list hygiene or sending to recipients who haven’t given consent)

These negative interactions, which can come from sending to all email addresses in your file, can have a serious knock-on effect. Emails going to the customers that keep you in business are put in jeopardy and are at risk of going into the spam folder or not making it to the recipient at all.

How can you accomplish your goals without the possibility of causing damage to your email program’s bottom line? Here are three steps to help you through this situation:

1. Send an email to active recipients

Those who are actively participating in the email conversation with you will be interacting positively (i.e. opening, clicking) with your emails. Send them an email to explain any changes in a way that they will understand. Give them the ability to take it a step further by drilling down themselves. This shows that you respect them enough to make sure they really understand the changes that are being made. 

2. Segment recipients that are not being sent emails regularly into other digital messaging methods

Here, you minimize the risk to your deliverability. One of the benefits of using Engagement Cloud, offered by dotdigital, is that there are other avenues available to you. There are different channels where recipients may be interacting with you and more effectively reached.

3. Respect those that have actively said they don’t want to hear from you

If a recipient has unsubscribed from your messaging – don’t send them any messages. Explore other ways of communicating with those recipients. A couple of examples:

  • If you have an online account available to your recipients, use a popover that communicates to users the changes that have taken place – and requires them to click through.
  • If you have an app, ask the user to agree to the new terms before using the app again. 

The bottom line

Approach the communications with your recipients/subscribers/customers as a conversation. It’s a reciprocal, two-way thing, where both parties are conversing. Why risk ending the revenue-generating conversations by sending an email to your entire database when you don’t have to? Instead, save yourself some pain and use the opportunity to communicate with your recipients in the way they want to hear from you. Make this about them. 


The post Email: 3 things you must do instead of ‘sending to all’ appeared first on dotdigital blog.

Reblogged 3 months ago from blog.dotdigital.com

New Things I’ve Learned About Google Review Likes

Posted by MiriamEllis

Last time I counted, there were upwards of 35 components to a single Google Business Profile (GBP). Hotel panels, in and of themselves, are enough to make one squeal, but even on a more “typical” GBP, it’s easy to overlook some low-lying features. Often, you may simply ignore them until life makes you engage.

A few weeks ago, a local SEO came to me with a curious real-life anecdote, in which a client was pressuring the agency to have all their staff hit the “like” button on all of the brand’s positive Google reviews. Presumably, the client felt this would help their business in some manner. More on the nitty-gritty of this scenario later, but at first, it made me face that I’d set this whole GBP feature to one side of my brain as not terribly important.

Fast forward a bit, and I’ve now spent a couple of days looking more closely at the review like button, its uses, abuses, and industry opinions about it. I’ve done a very small study, conducted a poll, and spoken to three different Google reps. Now, I’m ready to share what I’ve learned with you.

Wait, what is the “like” button?

Crash course: Rolled out in 2016, this simple function allows anyone logged into a Google account to thumbs-up any review they like. There is no opposite thumbs-down function. From the same account, you can only thumb up a single review once. Hitting the button twice simply reverses the “liking” action. Google doesn’t prevent anyone from hitting the button, including owners of the business being reviewed.

At a glance, do Google review likes influence anything?

My teammate, Kameron Jenkins, and I plugged 20 totally random local businesses into a spreadsheet, with 60 total reviews being highlighted on the front interface of the GBP. Google highlights just three reviews on the GBP and I wanted to know two things:

  1. How many businesses out of twenty had a liked review anywhere in their corpus
  2. Did the presence of likes appear to be impacting which reviews Google was highlighting on the front of the GBP?

The study was very small, and should certainly be expanded on, but here’s what I saw:

60 percent of the brands had earned at least one like somewhere in their review corpus.

15 percent of the time, Google highlighted only reviews with zero likes, even when a business had liked reviews elsewhere in its corpus. But, 85 percent of the time, if a business had some likes, at least one liked review was making it to the front of the GBP.

At a glance, I’d say it looks like a brand’s liked reviews may have an advantage when it comes to which sentiment Google highlights. This can be either a positive or negative scenario, depending on whether the reviews that get thumbed up on your listing are your positive or negative reviews.

And that leads us to…

Google’s guidelines for the use of the review likes function

But don’t get too excited, because it turns out, no such guidelines exist. Though it’s been three years since Google debuted this potentially-influential feature, I’ve confirmed with them that nothing has actually been published about what you should and shouldn’t do with this capability. If that seems like an open invitation to spam, I hear you!

So, since there were no official rules, I had to hunt for the next best thing. I was thinking about that SEO agency with the client wanting to pay them to thumb up reviews when I decided to take a Twitter poll. I asked my followers:

Unsurprisingly, given the lack of guidelines, 15 percent of 111 respondents had no idea whether it would be fishy to employ staff or marketers to thumb up brand reviews. The dominant 53 percent felt it would be totally fine, but a staunch 32 percent called it spam. The latter group added additional thoughts like these:

I want to thank Tess Voecks, Gyi Tsakalakis, and everyone else for taking the poll. And I think the disagreement in it is especially interesting when we look at what happens next.

After polling the industry, I contacted three forms of Google support: phone, chat, and Twitter. If you found it curious that SEOs might disagree about whether or not paying for review likes is spam, I’m sorry to tell you that Google’s own staff doesn’t have brand-wide consensus on this either. In three parts:

1. The Google phone rep was initially unfamiliar with what the like button is. I explained it to her. First, I asked if it was okay for the business owner to hit the like button on the brand’s reviews, and she confirmed that it’s fine to do that. This didn’t surprise me. But, when I asked the question about paying people to take such actions, she replied (I paraphrase):

“If a review is being liked by people apart from the owner, it’s not considered as spam.”

“What if the business owner is paying people, like staff or marketers, to like their reviews,” I asked.

“No, it’s not considered spam.”

“Not even then?”

“No,” she said.

2. Next, here’s a screenshot of my chat with a Google rep:

The final response actually amused me (i.e. yeah, go ahead and do that if you want to, but I wouldn’t do it if I were you).

3. Finally, I spoke with Google’s Twitter support, which I always find helpful:

To sum up, we had one Google rep tell us it would be fine and dandy to pay people to thumb up reviews (uh-oh!), but the other two warned against doing this. We’ll go with majority rule here and try to cobble together our own guidelines, in the absence of public ones.

My guidelines for use of the review likes function

Going forward with what we’ve learned, here’s what I would recommend:

  1. As a business owner, if you receive a review you appreciate, definitely go ahead and thumb it up. It may have some influence on what makes it to the highly-visible “front” of your Google Business Profile, and, even if not, it’s a way of saying “thank you” to the customer when you’re also writing your owner response. So, a nice review comes in, respond with thanks and hit the like button. End of story.
  2. Don’t tell anyone in your employ to thumb up your brand’s reviews. That means staff, marketers, and dependents to whom you pay allowance. Two-thirds of Google reps agree this would be spam, and 32 percent of respondents to my poll got it right about this. Buying likes is almost as sad a strategy as buying reviews. You could get caught and damage the very reputation you are hoping to build. It’s just not worth the risk.
  3. While we’re on the subject, avoid the temptation to thumbs-up your competitors’ negative reviews in hopes of getting them to surface on GBPs. Let’s just not go there. I didn’t ask Google specifically about this, but can’t you just see some unscrupulous party deciding this is clever?
  4. If you suspect someone is artificially inflating review likes on positive or negative reviews, the Twitter Google rep suggests flagging the review. So, this is a step you can take, though my confidence in Google taking action on such measures is not high. But, you could try.

How big of a priority should review likes be for local brands?

In the grand scheme of things, I’d put this low on the scale of local search marketing initiatives. As I mentioned, I’d given only a passing glance at this function over the past few years until I was confronted with the fact that people were trying to spam their way to purchased glory with it.

If reputation is a major focus for your brand (and it should be!) I’d invest more resources into creating excellent in-store experiences, review acquisition and management, and sentiment analysis than I would in worrying too much about those little thumbs. But, if you have some time to spare on a deep rep dive, it could be interesting to see if you can analyze why some types of your brand’s reviews get likes and if there’s anything you can do to build on that. I can also see showing positive reviewers that you reward their nice feedback with likes, if for no other reason than a sign of engagement.

What’s your take? Do you know anything about review likes that I should know? Please, share in the comments, and you know what I’ll do if you share a good tip? I’ll thumb up your reply!


Reblogged 6 months ago from tracking.feedpress.it

4 Crucial Things to Consider When Creating a Search Engine Friendly Title Tag

The post 4 Crucial Things to Consider When Creating a Search Engine Friendly Title Tag appeared first on OutreachMama.

Reblogged 7 months ago from www.outreachmama.com

10 things you should know about Romesh Ranganathan

In case you haven’t heard, comedian, actor, producer, and all-round jolly good bloke Romesh Ranganathan will be our celebrity host at this year’s dotties awards, where he’ll be handing out awards to the winners, and hopefully treating us to some of his deadpan comedic delivery.

In anticipation of his appearance at the dotties, and for those of you who may not be too familiar with his work, I’ve got 10 things that you should know about Romesh Ranganathan.

2 x 10 + 1 = Romesh done

Romesh made his comedic debut in 2010, whilst still working his job as a mathematics teacher in his hometown of Crawley, West Sussex. He joins the list of comedians who used to be teachers, which includes Billy Crystal, Greg Davies, and, uh, Roy Hodgson.

His jokes are stinkers

His debut live show, Irrational Live, dominated the country in 2016 with a string of sold-out shows, one of which The Guardian described as having ‘irresistible gags with stink-bomb impact’. It was later released as a concert film, becoming a bestseller in the process.

You’ve probably seen him on a panel show

The last four years have seen Romesh establish himself as a regular or guest on several panel shows, including Mock the Week, 8 out of 10 Cats, Would I Lie to You?, The Last Leg, Have I Got News for You, and QI.

He’s on the telly a lot

Alongside his stage and panel show performances, Romesh has also starred in a number of other TV programs. These include:

Asian Provocateur – The first series, on BBC Three, saw Romesh travel to Sri Lanka to learn about his parents’ country of origin and its culture, meeting family members along the way. The second series, Mum’s American Dream, saw Romesh and his mother, Shanthi, travel to the US to meet more family members.

Just Another Immigrant – This American docuseries premiered on Showtime in June 2018. It follows Romesh, along with his wife and three children, his mother, and his uncle, as they immigrate to the US. As the series progresses, Romesh and family attempt to rebuild their life from scratch, and Romesh attempts to sell out a 6,000-seater venue in just three months.

Judge Romesh – Falling somewhere between Judge Judy, Judge Rinder, and The Jeremy Kyle Show, Judge Romesh sees him settling disputes in a fictional civil court. The first series finished its run at the beginning of September and was screened on Dave.

And he’s got even more on the way

I wonder whether Romesh finds time to sleep, because his new TV series, The Misadventures of Romesh, sees him travelling way, way out of his comfort zone and away from the world of complimentary breakfast buffets to some of the most unlikely places on earth for a holiday.

A man of many talents

Romesh has also performed as a freestyle rap artist under the name of Ranga, and he once managed to reach the finals of the UK freestyle competition.

You can find a video of Romesh battling another comedian on YouTube, but there’s a bit too much foul language for me to embed it on this blog, so here’s a clip of him freestyling on BBC Asian Network instead:

Part of the VGang

Romesh is vegan, having been vegetarian up until 2015. He wrote an article for the Guardian last year about how you can survive Christmas as a vegan. Take a look at the article here.

Aquarius Comedian

Born on January 31st, Romesh is an Aquarian comedian, just like Hannibal Buress, Chris Rock, and me.

He’s got his own memoir

Next month sees the release of Romesh’s first book, Memoirs of a Distinctly Average Human Being. Being a distinctly average human being myself, I am very much looking forward to reading this and seeing how our lives compare.

Hip-hop saved his life

Romesh also has his own hip-hop podcast. Named after the Lupe Fiasco song of the same name, Hip-hop Saved My Life has featured guests such as Chali 2Na, Loyle Carner, DJ Yoda, Scroobius Pip, and his mum.

He also got a chance to meet Lupe Fiasco in an episode of Just Another Immigrant:

Now that you’re more closely acquainted with Romesh, perhaps you’ll want to submit an entry to the dotties? If you’re a dotmailer user, then take a look at the categories, and find out how to enter here.

The post 10 things you should know about Romesh Ranganathan appeared first on The Marketing Automation Blog.

Reblogged 1 year ago from blog.dotmailer.com

GDPR – 12 months to go, 12 things to think about (Part 4 of 4)

In Part 1 we covered raising awareness, data audits and privacy notices, while in Part 2 we covered how GDPR deals with individuals’ rights, including subject access requests and legal basis. In the last instalment, we reviewed consent, marketing to children and data breaches. The last three things to think about are data protection impact assessments, data protection officers and international considerations.

10. Data Protection Impact Assessments

It has always been best practice to take a privacy-by-design approach when developing your data capture and processing strategies, as well as a key part of any technology implementation. Privacy impact assessments (PIAs) are fundamental to this approach, giving marketers a useful tool for properly considering the privacy risks that their data processing entails. All the GDPR does here is make privacy by design an express legal requirement and make PIAs (renamed in the regulations as Data Protection Impact Assessments, or DPIAs) a requirement under certain circumstances where the data processing is likely to result in high risk to the data subjects, such as:

  • where new technology is being deployed
  • where a processing activity is likely to significantly impact individuals
  • where there is large-scale processing of special categories of data

For most marketers, the first two circumstances are the most likely to trigger a DPIA, but it is important to know the special categories of data in case they become relevant in the future.

In many if not most situations, the DPIA will indicate that the processing of the data is not high risk or, if it is high risk, that you will be able to address those risks. If you cannot mitigate the risk, you should contact the ICO for guidance on whether processing the data will comply with GDPR.

If you haven’t already, you should start to assess whether any DPIAs are warranted within your organisation, who will lead them and who else needs to be involved. There is great guidance published by both the UK ICO and the Article 29 Working Party on DPIAs and privacy by design.

11. Data Protection Officers

US President Harry S. Truman had a sign on his desk that read “the buck stops here.” It was his assurance that he was ultimately responsible for how the government operated under his administration. Historically when it comes to data, the buck has not stopped anywhere due to the way that the collection and processing of data has grown organically within businesses and other organisations. I was speaking with one head of CRM recently who told me of the over 80 marketing databases that they currently have. It is going to come down to this CRM manager to get all of that data into a single place.

Every organisation should designate someone to “take the data buck” – to be ultimately responsible for data privacy and compliance. You should also have a think about where this role of Data Protection Officer (DPO) sits within the organisation and overall governance structures so that the person in this role has the freedom to act, should the need arise. In many instances, the GDPR has overcome this by specifying situations where a DPO is required such as:

  • public authorities
  • organisations that carry out large scale, regular and systematic monitoring of individuals
  • organisations that carry out large scale processing of special categories of data

Whoever the designated DPO is, it is important that they have the knowledge, support and authority to carry out their role effectively. The Article 29 Working Party has some good guidance on the roles and responsibilities of a DPO.

12. International Considerations

The first thing to remember here is that Brexit will have little to no impact on GDPR. The government has confirmed on multiple occasions, including as recently as the Queen’s Speech on the 21st of June 2017, that GDPR will be the data protection law in the UK going forward. Moreover, the UK will still be an EU member when the law goes into effect on the 25th of May 2018.

If you operate in multiple EU member states, then you should determine which would be your lead data regulator. This is not meant to be a way to place yourself under the auspices of the most favourable regulator. Your lead regulator should be in the state where your central administration in the EU is based or the location where decisions about your data processing are taken. You can do this by mapping out where you take your data processing decisions; the country with the preponderance of those decisions is the one you should choose. If, on the other hand, you are not engaged in any cross-border data processing, then your decision here is quite straightforward. Once again, the Article 29 Working Party has produced some guidance that will help you make the correct decision.

Conclusion

As I said at the beginning of part 1, data recently released by the DMA indicates that marketers are feeling less prepared for GDPR than they did in February. Marketers are also feeling less knowledgeable about GDPR in general and their four big concerns are:

  1. Consent
  2. Legacy Data
  3. Implementing a compliant system
  4. Profiling

I hope that this blog series has gone a little way to making you feel more prepared or at least has given you some things to think about and some things to start discussing internally. Over the coming weeks and months, dotmailer will be publishing useful guidance from recognised sources geared towards email marketers. Our approach is to keep our readers up to speed based on facts directly from this reputable guidance or vetted by the UK or other data regulators around Europe. In addition, our teams will be ready to help you implement the advice you receive from your professional advisors within the dotmailer environment.

The post GDPR – 12 months to go, 12 things to think about (Part 4 of 4) appeared first on The Email Marketing Blog.

Reblogged 2 years ago from blog.dotmailer.com

GDPR – 12 months to go, 12 things to think about (Part 3 of 4)

In Part 1 we covered raising awareness, data audits and privacy notices, while in Part 2 we covered how GDPR deals with individuals’ rights, including subject access requests and legal basis. In this week’s instalment, we will be reviewing consent, marketing to children and data breaches.

7. Consent

Under the Privacy and Electronic Communications Regulations, email marketing is consent-based. GDPR, however, more fully defines how to get consent, with the following stipulations:

  • Must be freely given – giving people genuine choice and control over how you use their data and “unbundling” consent from other terms and conditions; in other words, consent cannot be a precondition for a service unless it is necessary to deliver the service.
  • Specific – clearly explain exactly what people are consenting to in a way they can easily understand (i.e. not with a load of legal mumbo jumbo) and in a way that does not disrupt the user experience.
  • Informed – clearly identify yourself as the data controller, identify each processing operation you will be performing, collect separate consent for each unless this would be “unduly disruptive or confusing”, describe the reason behind each data processing operation, and notify people of their right to withdraw consent at any time.
  • Unambiguous – it must be clear that the person has consented and what they have consented to with an affirmative action (i.e. no pre-checked boxes). Therefore, silence would not be a valid form of consent.

In the last instalment, we talked about deciding on the legal basis you will use to process your marketing data. Consent is not your only option. That said, it is always a good idea to know the source of all of your data, how that data flows through your various systems and what consent you have for the processing of that data. The ICO has published detailed guidance on consent and has produced a consent checklist to help you review your current practices.

8. Children

For the first time, the GDPR specifically calls out the rights of children and offers special protection for their personal data in the digital world. If you offer what the GDPR calls “information society services” to children and you rely on consent to process their data, you may have to get the permission of the parent or guardian before processing that child’s data. The GDPR sets the age at which a child can consent for themselves at 16, but the UK may lower this to 13. One interesting thing to note is that the parent or guardian’s consent expires when the child reaches the age at which they can give consent, so you will have to refresh their consent at that milestone.

9. Data Breaches

The GDPR makes it the responsibility of all organisations to issue notifications for certain types of data breaches. You will have to notify the ICO if the breach is likely to impinge on the rights and freedoms of individuals, for example through financial loss, loss of confidentiality or significant economic or social harm. If this risk is high, you may also have to notify the individual directly. Now is the time to think about your policies and procedures for identifying and managing data breaches.

So far, we have given you a lot to think about and we hope you have gotten started. Check back soon for our last instalment, where we will look at privacy by design, data protection officers and international considerations.

The post GDPR – 12 months to go, 12 things to think about (Part 3 of 4) appeared first on The Email Marketing Blog.

Reblogged 2 years ago from blog.dotmailer.com

GDPR – 12 months to go, 12 things to think about (Part 2 of 4)

In Part 1, we covered raising awareness, data audits and privacy notices.

4. Individuals’ Rights

Just ‘getting ready’ for GDPR is not going to be good enough because you may also have to prove to the regulator that you are ready for GDPR. One critical proof point will be the decisions you make in getting ready for GDPR, as well as what you will do going forward after its implementation. Get in the habit now of documenting all of your decisions and the deliberations that went into them (more on this under the Protection by Design section). You will also need clearly defined and documented policies and procedures to comply with GDPR. These cannot be the kind of documents that are written and then live in a cupboard just in case something goes wrong; rather, they need to be distributed to staff in a useful format with comparable training so that the processes become habit within your organisation.

One area that is very well suited to this is protecting individuals’ rights. Most of the rights under GDPR are not that different from those under the DPA, but now is a good time to ensure that you have your documentation in order. It is also a good time to ensure that your procedures will be compliant around things like correcting data and subject access requests.

5. Subject Access Requests

While we are on the topic of subject access requests, these are changing under GDPR. First, the downside: you will no longer be able to charge for these and you will have to reply within 30 rather than 40 days. You will also have to provide some metadata along with the data subject’s own data, such as your data retention periods and many of the other things covered under the notices provision.

The good news is that you can charge for or refuse excessive (too frequent) requests, and you can ask the data subject to specify the data they are looking for if you process large amounts of data. You will also be able to provide the data electronically in many cases.

6. Legal Basis

Under the GDPR, the legal basis for processing data is all-important because individuals’ rights can change depending on the legal basis you determine for processing the data. It will be important for businesses to balance the requirements of consent and the legitimate interests that the GDPR provides for. The other legal basis that many email marketers will rely on is processing the data with the subject’s consent.

That puts us halfway through the twelve things you should be thinking about to prepare for GDPR. Check back soon for the next two instalments.

Editor’s note: The materials and information above are not intended to convey or constitute legal advice. You should seek your own advice specific to your business’s requirements.

The post GDPR – 12 months to go, 12 things to think about (Part 2 of 4) appeared first on The Email Marketing Blog.

Reblogged 2 years ago from blog.dotmailer.com