CGL: Understanding the GDPR (General Data Protection Regulation)



Alright, welcome to CityGro Live. We’re here with Luke Gordon, the one and only. Got one starting question for you. We’ve got all kinds of colors of CityGro shirts and you have to wear the one that I’m wearing.

Well, I guess I just enhanced my wardrobe.

We both need to get different colors. A, we’re excited to be here today. We’re talking some policy stuff today, specifically the GDPR, which if you haven’t heard of now, you probably haven’t been in your email for the last or in a week because it seems like every day we’re getting dozens of emails with updated privacy policies, updated terms and conditions. What is the GDPR?

Great question. Really the GDPR is Europe’s new regulations. It’s data protection; really the idea behind it is that they want to help consumers be able to protect their own data. They want to help consumers be able to know what’s being shared about them and, uh, allow, allow them to be able to modify it, correct things and ultimately delete them. That way they can control where their data is being shared.

So, so it’s following suit of other, I guess, regulations that have been in place for a little while like we’ve talked to here on the show about TCPA, the telephone consumer protection act that we follow and regulates a lot of texting and so, so and, but that’s here in the US. So tell me, you said you said it had to do with a Europe, where does the GDPR apply to?

So there’s a few different scenarios of when it applies to you. So as you mentioned, we follow the TCPA very closely here at CityGro. We’re a text marketing company. We deal with that a lot. We do other things as well, but with that we, we receive written consent from consumers and so we’re following a lot of that protocol that the GDPA has in place. But what’s happened is the regulations that Europe had worked for back in, I think it was 1996, it was in the nineties when they established their, for their last regulations. And so the regulations haven’t been as strict as they are here in the US. And so you can simply just take a phone number and you can start texting that phone number here in the US. You didn’t have that ability. You had to receive written consent to be able to text somebody and so that’s where this really applies in, in CityGro’s sense or really if you’re doing any text marketing, is that you have that written consent. I shouldn’t even say text marketing. It’s text marketing, it’s email marketing and any kind of marketing that you’re doing, but when it applies to you is if you are, your company is based in one of the European Union countries. If you market out to anyone who lives in one of those countries, and when I say you market out to anyone who lives in that country, that means that they’re currently residing. So if I have a customer who comes to the US who is from there, this doesn’t apply to me.

But if you have a US customer that now resides in the EU, it does apply.

It does. Well, it does if you’ve marketed to them when they lived there or tried to reach out to them while they lived there. So if you’re doing any kind of marketing methods within your company or target anyone that’s in Europe, you need to abide by the laws and regulations or basically the regulations of the guidelines here. Um, but if you’re a US company and you don’t do business with anyone who lives in Europe and they happened to see your ad online, then you don’t necessarily have to follow it. It’s only if you’re targeting somebody who lives there.

But, but in general it’s, it’s really a good move forward to help protect consumers.


Um, a lot of it we already agree with and uh, and, and do. Um, so I think in general it’s a good step even if you don’t necessarily live in those regions to, to follow these practices. So with that being said, what are just the main things that we need to know from a marketing standpoint or people that may be related to CityGro? Uh, what would they want to know from the GDPR?

Great question. Number one is you have to get express written consent. So with the express written consent, you can’t have a link to complicated terms and conditions. They need to be written out very plainly and very clearly. What are you going to do with my information once you capture information?

Makes sense.

Are you going to store my information securely? Um, one thing that is unique there for the, the GDPR is that you can’t pre-opt anybody in. So when you have an opt in box that says, would you like to receive messages? You can’t pre-check that box.

Which is a big strategy that we and a lot of other people use is, is that you start with it checked.

Correct. Correct.

So you’ve got to start with it un-checked.

Yup, exactly. You have to be very clear on what you’re doing. Um, and so that’s from the known consent side of things outside of the known consent. I’m really, you have to let them know what you’re doing with the information we have to disclose. Okay, well I’m going to get your information so that I can send out marketing messages to you. So that I can do this with the information, if you’re aggregating the information, you need to let them know how you’re going to aggregate the information. Um, especially if you’re a company that has over 250 employees. So that’s kind of where the threshold is, is that if you do have a company over 250 employees, you have to provide the aggregation methods of what you’re doing within your company. But if you’re a smaller company, you need to provide the information, you need to tell them what you’re going to do. And then in addition to that, you need to provide the ability for them to be able to often they can modify their information and ultimately they can self-delete their profile if they no longer want you to have it here.

So this would be a contact that’s in your database when you have access to do all that. So. So that’s one thing that’s actually changed on the ground. The CityGro is updating our system to allow that kind of stuff. Is that okay?

And really when you look at everything that’s, that’s the one piece that we didn’t have before, outside of that, we were doing almost everything that the GDPR requires, but now we’ve created that contact portal where the contact would be able to capture that and be able to look up their information, modify their information, and then ultimately delete it.

So talk real quick because uh, we’ll uh, we’ll have a lot of our customers listening to this who is, who has access, who needs access to that, to that customer contact portal.

Okay. So the contact portal itself, um, the person who would get access is going to be your consumers, the end consumers who would be getting access to that. Now that’s provided for our clients that we work with, the companies that we work with that are in the EU, um, that they can be able to utilize and access. Right now we have that coming for other clients that are part of our pro plus package here within the US in the near future. And then with that, right now, currently the business owner has the ability to capture all the information. Not capture it, but to see it and modify it and delete it. Now we’re providing a way for the consumer to be able to do that.

So previously they could reply, stop or on an email, unsubscribe all of that kind of stuff, but now they can actually go in and delete their profile. Correct. Change their birthday, change whatever data we have on them. Correct sense. I didn’t mean to cut you off. I think you were talking about third party or getting into a third party data and notifications.

Really, that’s, that’s the next piece with it is that, um, with the things you need to know is if there’s any kind of third party that has access to the data, you need to provide that information, what they’re going to do, to your consumers. You need to disclose to them if you use cookies, you need to disclose to them the purpose behind your cookies. With the third parties that we use, um, that’s the business owner’s decision to be able to, to help us integrate. We don’t provide any information to any other third party. And so with that, we’ve been in complete compliance with it, um, and so you just need to make sure you disclose that if you do. Um, really the last piece is that if you do have any sort of data breach, you need to make sure that you have a plan of how you’re going to notify everybody so that they’re aware of what they’ve done or, or what’s happening and where their information may have gone, and if there’s any, any risk on there.

I see a 72 hours. Is that kind of the limit that you need to know to notify them within that time period?

Within that 72 hours. Now if you’re not compliant with any of the different pieces with the GDPR or you don’t inform your customers within that 72 hours, the fine is pretty hefty, and the fine is actually two percent of your global revenue. That’s gross global revenue. So they are very stringent on this. It’s very important that you follow these things. Within CityGro, we’re very strong about, you know, protecting your consumer data and therefore we’ve been in compliance with almost everything except for that customer portal. We’re making a few changes here to make sure that you can and you are disclosing everything you’re doing with the information with our, with our opt-in screens. So that’s just really important that you do. Make sure that you understand how it applies to you completely so that you can follow these things.

Cool. Cool. I think that covers all the basics. I’ll sum it up real quick, turn it over for some final thoughts too, and we’ll, we’ll shut this off. So now, now work. So it’s, it sounds like just overall GDPR is, is another step forward to protect, protect consumer data. Uh, we, we need to let our customers and contacts that opt in to our, uh, our subscription services know, um, what we’re doing with their data, where it’s going and give them full access to it. It’s really just a play to be more transparent with all that data. Um, I will note that even if it doesn’t apply to you, these follow a lot of best practices. Absolutely. No one’s going to subscribe to a low l I, I shouldn’t say a lot of people do subscribing list without knowing what you’re doing with their data, but it’s a, it’s a, it’s, it’s considered best business practices to get consent now reach out to people. I mean, that’s the difference between spam and marketing mix messages that are really more like his consent driven, a very transparent thing though. Everything. Um, so I see this as a really good thing all across the board, not just to who is affected directly by it. Any other thoughts?

Absolutely. That you’ve pretty much summed up everything, all the different aspects of it. The most important things that we’re doing. I mean really when you look at it as a consumer, as they opt into receive messages and to be able to store their database with you or provide their information, they need to be able to opt out and be able to retract their information just as easy. And so we’ve, we’ve made the steps to be able to help provide that for them.

Cool. Well thanks Luke for summing that up for us. Being here with us. Uh, we do have a blog post, it’ll be written within the day or will be published within the day. So look for that link in the comments below and we’ll see you next time. All right, thanks.

