GDPR and You: What It Is and How You Can Prepare for It
As more and more sales and marketing processes have shifted online, data has increasingly become a valuable tool for businesses to target and re-target potential customers. In many recent cases, this has resulted in privacy breaches that have compromised consumers’ private and public data. As a result, the EU has enacted policies that put consumer protection at the forefront, known as the General Data Protection Regulation (GDPR). Unfortunately, almost 80% of companies had no idea what it was when the policies were enacted. If you don’t want to be one of those companies with a lawsuit on their hands in the next couple of years, read on to find out more about what this new regulation is and how you can prepare for it.
What is GDPR?
By now you’ve most likely seen this acronym pop up all over the web on sites that you visit on a regular basis, in your email inboxes, and even on social media chatrooms. Whenever we make a purchase, pay a bill, or share documents, we are giving companies access to crucial information they can later use. Some of this data may even sit in reserves and be vulnerable to hackers. The new policies from the EU are a way of giving consumers control over their private and personal data including email addresses, bank information, social networking details, medical data, and IP addresses. As a result of the policy, enforced on May 25th, EU citizens are given access to eight basic data privacy rights:
- The right to find out how the company is using and processing their data
- The right to have their data deleted by the company
- The right to transfer data to a new service provider
- The right to be informed before the company gathers data
- The right to have data updated
- The right to forgo data processing by a company
- The right to forgo direct marketing as a result of data processing
- The right to be informed of a data breach within 72 hours of the breach occurring
And this will not only affect companies in the EU. Any company that offers a good or service to EU citizens will be responsible for upholding the guidelines. For example, if you are a hotel outside of Europe that caters to guests from the EU, you will still need to make sure your sales and marketing activities are GDPR compliant or else risk a fine of 4% of global revenue or 20 million euros.
How Can You Prepare For It?
Data management is such a crucial aspect of sales and marketing activities that companies have completely rewritten business strategies in order to remain compliant with the new policies. One thing you can do to stay ahead of any potential lawsuits is to appoint a full-time designated data manager who can ensure quality data practices. Some other steps you can take to ensure compliance are:
1. Mapping out where all of the customer data for your business comes from.
2. Determining what the financial loss or gain is in erasing certain data caches.
3. Documenting how you are using the data and any risks associated with this.
4. Maintaining company-wide data safeguards to block potential breaches and having a protocol for notifying customers quickly in case a breach occurs.
5. Reviewing your privacy agreements and adjusting them. Simple opt-in agreements for email collateral are not enough anymore.
6. Establishing the procedures for dealing with the eight basic rights customers now have with regard to their data privacy.
With these new changes will come new ways of doing business that will empower the customer. Because compliance definitions are still being worked out by regulators, adhering to strict policies will take some time. As a result, guidance and adjustments will be made as more companies start to change procedures to comply with the new rules. Since the new policy was created with consumer protection in mind, stating that you are compliant upfront, in your marketing and sales activities, and in the fine print of your own policies can build deeper trust and loyalty with your consumers.