Will the GDPR Impact Your Business?
In a global economy, when laws go into effect overseas, they could impact us all. After all, we all have websites for our businesses that are accessible to anyone with internet access – anywhere in the world. That’s why it’s important that we stay aware of wide-sweeping new laws such as the GDPR (General Data Protection Regulation), which will go into effect on May 25, 2018.
Does this apply to your business directly?
The short answer is that pretty much everyone could be affected by GDPR – even if you are not a business located in the EU. Since the internet is global, technically all websites would have to comply with GDPR, assuming your site can be viewed from the EU.
Of course, we are not lawyers so this is not legal advice. However, it would seem logical that those explicitly working in the EU and/or marketing to EU citizens would be at the greatest initial risk of non-compliance. Examples of targeted marketing may include a website or other digital communication in the languages of EU countries, website domains with the URL endings of those countries, and an online point-of-sale setup that accepts the currencies of those countries.
All of the above said, every website owner should be crafting a plan to comply with GDPR regardless of where you are located, who you do business with, etc. This is likely to become the de facto standard across the board. And by complying now, you’ll protect yourself against the EU’s compliance penalties (which are harsh and expensive).
What’s GDPR all about?
The GDPR is basically bulking up consumer privacy and data rights. It’s giving consumers more control over their privacy preferences – and how data is collected, saved, deleted, etc. The legal default is non-consent. Any data collection from a consumer – from collecting an email address to a full transaction – will require very specific and very explicit consumer consent. The default cannot be an assumption of consent – by virtue of visiting or doing something.
Here are more of the rights that are explicitly granted to consumers through the GDPR:
- The Right to Be Forgotten/The Right of Erasure
- The Right to Rectification
- The Right of Access
- The Right to Restriction of Processing
- The Right to Data Portability
- The Right to Object
(To learn more about the specific rights given to consumers by the GDPR, we recommend this.)
What Needs to Change?
That’s going to look different for every business. But you need to know how you are collecting data, from where, from whom, where it’s going, etc. You need to have this information so that you can be confident you are in compliance, as well as for ease of reporting. The GDPR also requires an organization to report a data breach within 72 hours, on pain of hefty fines!
Steps You Should Take If You Think This Applies To You…
- Speak with a legal advisor who is familiar with global business law and data protection, to make any specific decisions, especially if you currently do business directly with the EU. There are some complexities to this law that you will want to be aware of now.
- Conduct a customer data and security audit. Our friend and colleague Ed, over at Kingfisher Technologies, conducts these types of audits regularly and recommends being proactive with them. Ed recommends that they be done at least annually or any time you have any security concerns. They need to be done even more often if you are storing particularly sensitive data such as health records or credit card information.
- Name a Data Controller within your organization to initiate and manage GDPR, customer data, and security concerns as they arise. This person should be knowledgeable in data privacy issues and equipped with the information they need to be proactive in tightening your data security.
- Add explicit consent checkboxes in all your current webforms and subscribe boxes. While we aren’t lawyers, we recommend that all companies just go ahead and take this step now.
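The last step, and the "default is non-consent" point made earlier, can be illustrated with a small server-side handler. This is an added example, not code from the original post or from any product it mentions: the form field names, the `marketing` purpose and the policy version string are all assumptions made up for the illustration. The checkbox is rendered unchecked (a pre-ticked `checked` attribute is the weak setting to avoid), a submission without an affirmative "yes" is rejected rather than silently treated as agreement, and every accepted subscription produces a consent record with purpose, policy version and UTC timestamp so you can later show when and to what the person agreed.

```python
"""Explicit opt-in consent handling for a web form (added example)."""
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical policy version identifier, constructed for this example.
PRIVACY_POLICY_VERSION = "2018-05-25"

# Only the exact value we render in the checkbox counts as consent.
ACCEPTED_CONSENT_VALUES = {"yes"}


@dataclass
class ConsentRecord:
    """What you keep to prove consent was given: who, for what, under which policy, when."""
    email: str
    purpose: str
    policy_version: str
    granted_at: str  # ISO-8601 timestamp in UTC


class ConsentRequired(ValueError):
    """Raised when a submission carries no affirmative consent signal."""


def render_consent_checkbox(purpose: str) -> str:
    """Return the HTML for an opt-in box.

    Deliberately rendered without the `checked` attribute: the visitor must
    act to consent. `required` makes the browser refuse to submit unchecked,
    but the server still re-checks because client-side checks can be skipped.
    """
    return (
        f'<input type="checkbox" name="consent_{purpose}" value="yes" required> '
        f"I agree to receive {purpose} messages by email"
    )


def has_valid_consent(form: dict, purpose: str) -> bool:
    """True only if the consent field for this purpose was posted with an accepted value.

    A missing field, an empty string, or any other value (e.g. "on" from a
    checkbox whose value attribute was stripped) is treated as no consent.
    """
    return form.get(f"consent_{purpose}") in ACCEPTED_CONSENT_VALUES


def process_subscription(form: dict, purpose: str = "marketing") -> ConsentRecord:
    """Validate a posted subscribe form and return the consent record to store.

    `form` is the dict of posted fields (constructed by the caller in this example).
    """
    email = (form.get("email") or "").strip()
    if not email or "@" not in email:
        raise ValueError("a valid email address is required")
    if not has_valid_consent(form, purpose):
        # Non-consent is the default: never infer agreement from the visit itself.
        raise ConsentRequired(f"explicit consent for '{purpose}' was not given")
    return ConsentRecord(
        email=email,
        purpose=purpose,
        policy_version=PRIVACY_POLICY_VERSION,
        granted_at=datetime.now(timezone.utc).isoformat(),
    )


if __name__ == "__main__":
    # Constructed sample submissions, standing in for real POST data.
    good = {"email": "reader@example.com", "consent_marketing": "yes"}
    silent = {"email": "reader@example.com"}  # box left unchecked
    print(render_consent_checkbox("marketing"))
    print(process_subscription(good))
    try:
        process_subscription(silent)
    except ConsentRequired as exc:
        print("rejected:", exc)
```

Storing the returned `ConsentRecord` alongside the subscriber, and deleting both when the person exercises the right of erasure, is what turns "we added a checkbox" into something you can demonstrate during an audit.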
Will the GDPR impact your business immediately? If you are unsure, we would love to talk with you about your data and where you currently stand with security plans. While we can’t offer legal advice, we can offer marketing technology expertise! For a FREE one-hour consultation with Josh, contact us today!