This post is part of our series: Find Out Fast If Your Business is GDPR Ready. Our goal is to help businesses make sense of privacy and data. AE is your Babel Fish for GDPR Legalese.
GDPR. GDPR. GDPR.
Anyone else still recovering from the GDPR (General Data Protection Regulation) inbox flood?
If you’re based in North America, you’ve probably also wondered to yourself if you’re even affected by GDPR. (Spoiler: you are!)
The GDPR’s Global Impact
While centered on the European Union (EU), the GDPR has a global impact. Here’s why.
Even if you’re based in the US, Canada, or Mexico, if you handle any data from EU customers (there are 28 countries in the EU), you’ll be affected.
There are certain caveats to these rules:
- If the EU visitor/customer is not in the EU when you collect their data, the GDPR does not apply.
- Your visitor or customer does not need to purchase from your site for the GDPR to apply to your business.
- If you’re hosting a generic survey without directly targeting EU consumers, but a prospect from Britain fills it out, they are not covered under GDPR. However, if your survey even mentions the EU, then the law kicks in.
But what about California?
The California Consumer Privacy Act of 2018 is another hot ticket item that could bring GDPR-like privacy rules to California, the heart of tech.
This could spell out a major change for businesses that collect and sell customer data. Customers will have to ask how their data is being used, and request to be removed (opt out). The GDPR focuses more on opt-in requirements, making the California regulations much more friendly to data collectors.
Customers who choose to opt out cannot be punished or charged higher fees for services. And here’s the clincher: it allows public prosecutors and citizens to sue for data breaches or for the sale of personal data after someone has opted out. There’s no requirement that specific harm be proven before damages can be awarded.
This will make effective tracking and following through on opt-outs a top priority for companies that collect data in California.
What does this all mean for marketers in North America?
At a time when people are being asked for their data on a daily basis, and that data is being traded with other businesses, it’s about time customers gained some power. Historically, customers have had their data traded and sold without their knowledge, and with the rise in cybersecurity leaks, it’s well past time every internet user had rights.
As a marketer, it means you need to be prepared for a new age of data collection and transparency.
With these regulations moving from a possibility to a reality, we need to become proactive. Even if California’s privacy act does not pass, it’s inevitable that marketers will see a shift in data collection regulations.
Marketing strategies must shift from a cold, transactional approach to a warm, transparent and relationship-focused strategy.
So, How Do You Build Trust as a Marketer?
It starts with upfront communication before you ask for any customer data.
When you collect data from customers, you need to clearly tell them how you plan on using that data. The context matters under regulations like GDPR, because you are legally allowed to use the data only within the context you stated for collecting and using it.
You can earn big points with consumers for providing the transparency they deserve.
From there, you need to give them explicit details on how you will use their data, and if you want to send them different information, you need to get permission.
- General Data Protection Regulation full text
  - Straight to the source: if you’re feeling brave and erudite, consult the Regulation itself.
- GDPR Official Site FAQ
  - If you’ve got some questions about the nuts and bolts, the official GDPR FAQ is a great place to start.
- Gartner’s Five Point Guide to GDPR (including a description of individuals’ rights)
  - This guide identifies “five high-priority changes” organizations should make to prepare for GDPR requirements.
- IDC Five Steps to GDPR
  - This white paper is basically a more in-depth version of the five-step guide above, so if you want more details, here’s the next stop.
- SAS Institute ebook – Working Toward GDPR Compliance
  - If you’re looking for a full instruction manual on GDPR compliance, you can download an ebook on just that topic right here.