Checked your inbox lately?
You, along with countless others, have likely encountered a slew of emails from apps, websites, services, and other companies alerting you to upcoming changes in their privacy policies. This onslaught of emails has a whole lot to do with the General Data Protection Regulation (GDPR), which went into effect on May 25th and has the business world buzzing.
The GDPR has long been in the making and is a framework for consumer protection that sets a new standard for data collection and usage among companies operating in Europe. Its intent is to both strengthen and unify data protection for consumers across the European Union by introducing data protection rules, ensuring more transparency for users, and specifying higher fines for non-compliance and breaches.
Whether it’s through mailing lists, lead generation, or opt-ins, every company, big and small, acquires and processes personal data. Starting May 25th, 2018, every business in the EU, or every business processing personal data from EU citizens, will be subject to the GDPR.
Why the GDPR Exists
A study on consumer privacy conducted by ForgeRock found that 92% of global consumers want more control over the personal information companies collect from them. 57% say the “right to be forgotten” (that is, the ability to request that a service provider obliterate your data forever) is among the most important consumer rights regarding the third-party use of their personal information.
What exactly is personal data?
Personal data is at the heart of the GDPR and goes beyond a name and profile pic. It can include a wide range of information such as cookie data, location, racial/ethnic information, political opinions, shopping preferences, and much more, all of which can be used in all kinds of ways and for various purposes. Processing this data is a core component of most business models, but in today’s increasingly interconnected world, it comes with a greater need to protect that data. Privacy boundaries are constantly being tested. These new changes and rules are important because they impose accountability.
A number of high-profile scandals (cough, Facebook, cough) have contributed to the rise in anxiety about how every move made online can be harvested and traded. In the case of Facebook and Cambridge Analytica, a sobering tale of data misuse, over 50 million individuals’ data was harvested from a Facebook personality quiz developed by Cambridge Analytica. This information was then used to create psychological profiles of people (unbeknownst to the users) and then purportedly used for other nefarious purposes.
Who the GDPR Will Affect
Businesses and companies around the world are preparing for the impact of the GDPR, whose global reach will call on them to be meticulous in the way they manage, store, and process personal user data. The GDPR is relevant not only to multinational companies located in the EU; it will also affect companies of all sizes that have a strong internet presence in the EU, e-commerce companies accepting EU currencies, and even businesses that see EU visitors.
What the GDPR Means for Businesses
As you might have guessed, the GDPR is kind of a big deal. If any of the above applies to your business, then it’s certainly worth carefully reviewing how you handle data to determine whether the GDPR will apply to your online activities, lest you face steep fines under the new regulation.
Much of the GDPR is built on a set of rules based on previous privacy measures, like the Data Protection Directive, but it expands on those measures in two very important ways. First, the GDPR sets higher standards for obtaining personal data online than ever seen before. Any time a company gathers personal data on an EU citizen, it will need informed and explicit consent from that individual. Users will also be given far more liberty to revoke that consent at any point.
Second, the penalties for non-compliance with the GDPR are severe. Maximum fines per violation are set at 4% of a business’s global turnover (or $20 million, whichever is more). These hefty fines signal the seriousness of data protection rights, and while the penalties may not be quite enough to sink internet behemoths like Facebook or Google, they would certainly be enough to capsize smaller companies.
What’s Going to Change
The biggest and most immediate changes of the GDPR revolve around consent: companies are called on to be more transparent with their users and required to ask for permission to collect user data. There will also be more opportunities for users to download and view the data companies have on them, which many are already beginning to roll out.
At this point, you may be wondering what the business implications are for this new governing set of rules and how your company might feel its effects. Since the GDPR will also be setting new regulations for how data is shared once it’s been collected, this means businesses will have to seriously rethink how they approach logins, analytics, and most importantly, advertising.
One website alone can easily have 20 ad-targeting partners, many of which are often invisible to the users whose data is being shared. But with the GDPR come new and complex requirements for companies that acquire user data secondhand. Consequently, these hidden partners will now have to be brought into the light and their contracts rewritten to comply with the GDPR.
Essentially, this means the unearthing of a very messy system that has been built on the idea that there are no repercussions to sharing data.
Who Will Benefit
The GDPR is a game changer, shaking up the market and the way businesses operate. Companies that will benefit most are those that already take a customer-centric approach that drives personalization and focuses on organically collecting first-party data rather than treating users as names and targets on a list.
The GDPR can be a blessing in disguise if you allow it. Here are just a few ways it can benefit your company:
- Boosting data protection and security
- Being GDPR compliant will improve business reputation
- Working based upon permission creates more loyalty
- More accurate data from willing users
- Forcing organizations to make a greater effort to better online customer experiences
GDPR is Coming — and it’s OK
The GDPR doesn’t exist to leave businesses shaking in their boots, but rather to deepen and protect customer relationships through transparency and trust. By not only complying, but embracing the GDPR and its core principles of fairness, transparency, and lawfulness, businesses will strengthen their positions in the global economy and better withstand the unanticipated consequences of social, digital, and cybersecurity trends.
With the GDPR come new rules and regulations surrounding digital data collection. Allow your company to see it as a good thing and to enable a new depth of data quality.