If you’ve noticed your email inbox getting flooded by every company that you’ve ever had any contact with, you’re not alone. Those emails about new policies are the result of GDPR, the General Data Protection Regulation.
Is your brand GDPR Ready?
Don’t worry – if you aren’t ready for the GDPR, you’re not alone – many brands aren’t ready for the new regulations. We’re here to explain what GDPR is and help guide you toward understanding what changes you need to make to your digital brand as the new regulations go into effect.
The General Data Protection Regulation, or GDPR, is the European Union’s new set of guidelines for data privacy, and it’s one of the most important changes to data privacy regulations in more than 20 years.
The new regulation tightens Europe’s already strict laws around what companies can and cannot do with people’s data. In essence, the laws are rewriting how data sharing works on the internet by setting new rules for how companies can treat user data. The new policy went into effect on May 25, 2018, in all 28 member states of the European Union, and companies have been scrambling to comply with the new regulations in time for the roll-out to avoid fines.
So Who Does GDPR Affect?
That means, if you’ve ever wanted to sell a shirt to someone in France or wanted someone in Belgium to download your app, your company has to comply with the new rules.
GDPR is all about defining what personal data is and what rights people have related to their data. GDPR defines personal data as any information related to a person that can be used to identify them. That could include name, photos, email addresses, bank details, social media posts and messages, medical information, and even IP addresses.
Part of the new regulation deals with who within a company is in charge of the data and with making sure they are qualified and certified to do so. However, the more significant differences are related to how companies can use the data that they gather about their customers. There are four key changes that GDPR is bringing to the world of data privacy:
Consent
Under GDPR, the requirements for consent are much stricter than before, which means companies will have to ask for permission much more often. On top of that, GDPR demands that companies cut the “legalese” out of their policies: long-winded and convoluted terms and conditions aren’t allowed. Requests for consent and privacy policies have to be clear and easily understandable, with no uncertainty about what they mean. Most importantly, it must be as easy to take away consent as it is to give it.
Notification of Breach
GDPR requires companies to notify all their customers ASAP if they discover a security breach. Many companies feel like they need to keep this information under wraps until they can solve it or until it gets out of control. The new regulations under GDPR only give companies 72 hours, which means customers will be able to take steps to protect themselves sooner.
Access to Info/Right to Be Forgotten
EU citizens get some added benefits from GDPR – they can make requests for their information from a company at any time, and they can also ask that company to erase all their personal data from every company repository. Companies have to accommodate both requests per the new regulations.
Privacy by Design
One of the most significant changes affects the way companies share data behind the scenes. Before, one visit to a website could feed data to dozens of other companies for analytics, logins, and advertising. Under GDPR, companies that receive second-hand data need to explain why they need it and what they intend to do with it.
What Are Penalties for Non-Compliance?
The EU is not messing around – the penalties for non-compliance are pretty severe. Depending on the severity of the non-compliance, organizations can be fined up to 4% of their annual global turnover or €20 million for breaching GDPR.
Since there are many things still up in the air about what GDPR means in the grand scheme of things, the hope and assumption is that the 5/25 start date was a “soft opening” – putting the initial rules into place and then guiding companies along as they sort through the regulations.
What Does This Mean for Your Brand?
In general, it means that you’ll need to take extra steps to get proper consent from your customers and website visitors every step of the way. Essentially, GDPR shifts marketing consent from an “opt-out” method to a strict, consented “opt-in”.
GDPR is here, and it’s going to make a massive change in how data is handled across the world. A good rule of thumb as we shift into this “new world order”: when in doubt, ask for consent from your customers, and always know what you’re doing with their data. We are shifting toward a more transparent world, and GDPR is going to help your company build trust and respect from your customers.
Do you have concerns about implementing GDPR standards for your company? Tell me more about your concerns in the comments.