What is GDPR or RGPD? What changes for my SME in 2018?

The GDPR or RGPD is the new regulation that aims to improve the protection of personal data of EU citizens. But do you know what it is exactly? Learn about the most important features of this new law and what changes it will imply for your business in 2018.

In this online conversion process, what interests our SME is to get the contact details of the users who in turn are interested in our content: on our blog, on our website, on our social networks… Data that we use, for example, to create segmented lists to send email marketing campaigns to.

To date, the use we made of this data was regulated by the Organic Law on Data Protection (LOPD), but as of May 25, 2018, the General Data Protection Regulation(GDPR) will come into force.


This new regulation includes new provisions that we must take into account when executing any online marketing campaign. Also think that as companies, all the communication channels we use will be affected. For this reason, we must pave the way for additional measures to comply with all requirements.

So, what exactly is GDPR or RGPD?

The GDPR is a new European Union Regulation that aims to greatly improve the protection ofEU citizenspersonal data and increase the obligations of organizations that collect or process such data. This regulation builds on many of the requirements of the 1995 Data Privacy and Security Directive, but includes several new provisions to strengthen the rights of data subjects and addharsher penaltiesfor violations.

Basically, the General Data Protection Regulation is based on the Organic Law on Data Protection (LOPD); however, there are some modifications and changes to the General Data Protection Regulation. contains new obligations that dependanto a large extent, of the type of company and its management.s use of personal information of your contacts.

In short, the GDPR will affectall those companies that market their products and/or services to EU individuals; or, that in the course of their business need personal data of EU citizens. In this way, the regulation has a broader territorial scope, since it even affects companies whose headquarters are not located in the EU.

Among the major innovation brought about by GDPR is:

  • The principle of proactive accountability that requires companies to analyze what data they process, for what purpose and what kind of actions they take with that data. In other words, this new regulation requires companies to have a conscious, diligent and proactive attitude regarding the use of the personal data we handle.
  • The risk approach in which the application of the measures of this regulation should be considered based on the risk to the rights and freedoms of EU citizens. In other words, we need to think about how the use of personal data affects our contacts.

So what complexity will this bring to SMEs?

Considering the changes that GDPR will bring, SMEs will need to keep several concepts in mind when collecting and making use of EU citizens’ contact data. In simplified form, these five issues are the most salient:

  1. Transparency and explicit consent. With the GDPR, the use of personal data must be justified, providing all the necessary information so that users know at all times what actions the company will take with their personal information. In addition, it is necessary to have an unequivocal consent in the acquisition of these data and not to be assumed the acceptance by the user’s inaction. For this reason, many data protection notices have to be modified.
  2. Regulated data. The definitions of “personal data” and “sensitive data” have been expanded, for example, the latter now includes genetic and biometric data.
  3. Breach of personal data. A new security breach reporting law is included for all companies that handle their contacts’ data, regardless of their industry.
  4. Data protection. Organizations are required to adopt new technical and organizational measures to demonstrate their compliance with GDPR.
  5. Improved user rights. Those contacts who consent to provide their data are also granted substantive rights including the right to be forgotten, data portability rights and the right to object to automated decision making.

Does this mean the end of email marketing?

Many businesses, mainly SMEs, are concerned about the implications these changes have on the execution of their online marketing strategy, especially when it comes to email marketing campaigns. So, does GDPR spell the end of email marketing?

As you can see, the answer is no. Although it will now be more complicated to get users’ email addresses, the ones we do get will be much more valuable than the ones we have had so far. Why? Basically because by giving their full consent, we are initiating a conversation with contacts who are really interested in our company. And these potential customers, with your strategies, you have a better chance of converting them into end customers.

Think about it! How many emails are you tired of receiving? How many do you not open or throw directly into the garbage can? And in your SME, how many contacts end up unsubscribing? How many contacts in your database are no longer valid?

Although with this regulation it may seem more complicated, the truth is that it will be easier to recognize the realinterest of ourcontacts in our products or services. Our contact database will, after all, be much more active.

And how to stay compliant with GDPR?

Since it is a requirement of the GDPR that you have the consent of your contacts to receive emails, it is time to perform a cleanup in your CRM of those who are not active, of those contacts who are not interested and follow the following tips:

  1. Find your most active contacts and customers, and be sure to prepare an email notifying them of the measures you have taken to comply with GDPR, protect their data and confirm that they want to continue receiving your emails.
  2. Identify those users who are interested in your content and to whom you can continue to send emails using legitimate interests. But remember to limit this sending of emails, because depending on the objective, not all of them may be justified.
  3. Update your forms or other data collection channels. Be sure to make it clear what the requirements are to belong to your contact database and clearly state what kind of emails they will receive once they fill out one of your forms.

To check if your SME is ready for this change, you can review some practical questions that will give you the keys to your company’s current situation. And since GDPR is a broad topic, if you feel you need more information, we have prepared a guide thinking about exactly what companies’ needs are when implementing this new regulation in their online marketing strategy.

× !Hola¡ Estamos aquí para ayudarte