GDPR Crash Course: What You Need to Know
Consumers care about who has their data, especially when a security breach or invasion of privacy becomes news. It’s important for companies to consider how they protect and use consumer data, and the European Union is leading the way. Effective May 2018, European consumers will be under the protection of the GDPR—a parliamentary measure to protect the personal data that gets collected for digital marketing efforts. Here’s what you need to know about the changes.
What is the GDPR?
The GDPR (General Data Protection Regulation) is a set of regulations that will guide how personal data is handled in the EU member states. These guidelines are in place to protect user data and give consumers control over where their data goes and what happens to it. The requirements include:
● Financial penalties of up to 4% of a company’s annual global turnover, or 20 million Euros;
● Consent that is simplified, strengthened, clear, accessible, and easy to revoke;
● Notifying consumers “without undue delay” after data breaches, with any breach that puts rights and freedoms at risk reported within 72 hours of discovery;
● Allowing consumers to get copies of their data, information on how it’s being used, and granting the ability to erase or move their data;
● Systems and processes that are built with data protection in mind;
● Specific protection for children, with parental consent for children up to age 16.
I’m an American Company. Does this Affect Me?
In today’s world, data transcends borders. The GDPR protects the data of EU citizens no matter where that data travels. In theory, any company that has a database containing EU citizens’ data and uses tracking codes is bound by its rules regardless of size or location. Member states are required to establish authorities to monitor compliance, but it’s unknown how this will be enforced for American companies. It never hurts to be prepared for any outcome, and companies that take privacy concerns seriously will be able to adapt more easily than companies that don’t.
Changes You Can Make
European consumers plan on exercising their new digital privacy rights, and American consumers will likely take the opportunity as well. Companies should be prepared before customers raise concerns. Here are some suggestions of ways to earn consumer trust before the GDPR takes effect May 25, 2018.
Integrate IT and marketing
Cybercrime is a threat in today’s world, and it’s important to take steps toward preventing it and protecting your consumers. Anyone who uses tracking codes and other data needs to know what is happening with that data to avoid violating regulations or consumer trust.
Hire a DPO
A data protection officer (DPO) is a point person for compliance and liability with GDPR. While smaller companies won’t be required to hire one, it’s an investment that you might want to consider. The penalties for violating the GDPR are steep, and anything you can do to stay compliant will help your bottom line.
Audit your system
Take a look at your current data security system before the regulations take effect. Make sure that you address anything high-risk before enforcement begins or problems arise.
Train your staff
Anyone in your company who works with data needs to be aware of the GDPR requirements. This includes anyone interacting with new users, anyone maintaining CRM systems, security staff, and data entry personnel.
Create privacy tools
Work with your IT department and DPO to look into compliant system solutions. Consumers need to be able to control, monitor, check, and delete information if desired. There are anonymization, pseudonymization, and encryption options available to help ensure consumer privacy. Websites that use tracking codes will need to inform their users so that they can make decisions about the use of their data.
Look at your third-party providers
You can be liable for breaches by third parties that you work with. Ensure all of your data processing is compliant by working with email service providers, CRM services, and marketing and PR agencies that are GDPR-compliant.
Manage Your Data with Claravine
With Claravine, your data governance is in your hands. We provide the tracking codes necessary for measuring the success of your online campaigns. Claravine collects data from various systems across an enterprise and presents a unified view, in real time, for easier analysis and faster optimization. The way that consumers and companies use data is evolving: get in touch to learn more.