It has now been over 100 days since the General Data Protection Regulation (GDPR) went into effect in the European Union, although it impacts businesses across the globe.

The GDPR is a privacy law approved in 2016 with an implementation deadline of May 2018. The law aims to protect all European citizens while unifying data privacy laws across Europe. GDPR is enforced via penalties equal to 4 percent of a company’s annual global turnover up to 20 million euros.

With such a focus on online privacy, GDPR is a huge consideration for marketers and publishers worldwide.

A key change in GDPR enforcement revolves around how companies obtain consent from consumers. “Previously, implicit or opt-out consent was allowed in certain circumstances. As an example, under previous laws, it was acceptable for email marketers to pre-check their opt-in boxes when signing users up to receive their emails,” says Elizabeth Schweyen, a privacy specialist with Return Path, an email marketing firm.

But those pre-checked boxes are no longer allowed.

Under GDPR, there are many questions online marketers and publishers need to ask themselves regarding how they are engaging with consumers.

“Is your current consent unambiguous?” Schweyen said. “Does it require a statement or clear affirmative action in order to opt someone in? Inaction, pre-checked boxes, or opt-out language is in violation.”

Schweyen’s firm said that even though their privacy policies previously hinged on transparency, they still made changes to their business.

“However, to better comply with GDPR, we’re moving to a single Privacy Policy across all products in the organization,” Schweyen added. “This allows users to more easily access all policy-related information in one spot versus multiple privacy policies. The Privacy Policy will more clearly inform users how their data will be processed and shared.”

The day GDPR became law, thousands of websites and marketing services based in the United States went dark in Europe instead of attempting to comply. Months later, there are still over a thousand websites blocked in Europe due to noncompliance.

That does not have to be the case. With a little know-how, there is no reason to be scared of operating in Europe or concerned that privacy policies cannot meet the requirements for compliance. At &THEN, DMA’s annual event in Las Vegas next month, a whole workshop is dedicated to the topic. Led by Schweyen, “GDPR: Keep Calm, Take Action and Stay Compliant” will educate attendees about the key changes brought about by the law and lay out a road map toward compliance.

This article is brought to you by &THEN, DMA’s annual event. Click here to join the leaders of the marketing community and advance your data and marketing mastery in Las Vegas, October 7-9.