There are four letters that are causing panic in companies around the globe: GDPR. If you haven’t heard about the General Data Protection Regulation, it’s time to start paying attention. (The deadline for compliance is May 25th, 2018 - so kick yo-self into gear)
If you HAVE heard about the GDPR but figured it was only pertinent to those weirdos in the EU, think again. The European Union’s new law has long arms, and it will impact businesses all over the world, including here in the US. A single mistake could cost your company as much as 2% of your global revenue in fines.
Worried? Let’s dig in and figure out how the GDPR will impact the way you do business.
What’s the GDPR?
The General Data Protection Regulation is a law that regulates the way data is handled in the EU. It will strengthen the individual’s right to dictate how companies deal with their personal data and ensure that companies obtain each person’s consent prior to collecting and distributing that data. “But my business isn’t IN the EU,” you say. That doesn’t matter.
As the creators of the bill began to investigate the way online data is collected, it was determined that companies in countries around the world were gathering data about citizens of the EU without their consent. Thus, Article 3 of the GDPR was born; it states that any organization collecting data from a person in the EU is subject to the requirements of the GDPR— whether the company is based in the EU or not.
Hold On— We Don’t SELL Anything to the EU! We’re Good, Right?
Nope. You’re not. The GDPR is on to you, pal. It specifically states that a financial transaction doesn’t have to occur for your company to be subject to the law. They’re focused on the collection of personal data— gender, age, education level, country of origin, etc.
In other words, if your American company has any connection with the EU, you’ve got to follow the rules. Say, for example, Prince Charles decides to take a survey offering feedback about your website. Now you’re in the system.
“But we don’t ask for that kind of information,” you cry. “We just ask for their likes and dislikes.” Once again, you’ve been outsmarted by the wily authors of the GDPR. If Prince Charles said he likes learning more about technology or that he dislikes Mondays, you’re subject to the requirements of the GDPR.
Ok, Ok… What Do I Have to Do to Be GDPR Compliant?
Here’s the good news: unless you’re a tech giant like, say, Facebook, you probably don’t have reason to panic. You’ll need to update the language in your privacy notification— the GDPR requires all consent to be “freely given, specific, informed, and unambiguous.” (We assume you have privacy practices in writing already; if you don’t, GET ON THAT YESTERDAY.)
Additionally, you must explain how you process the data you collect in a lawful manner, lay out how long you retain the data, and explain the person’s right to complain to the ICO. All of this must be delivered in easy-to-understand language so you can be confident that consent is given without confusion.
Once you’ve collected any data from a citizen of the EU (Prince Charles LOVES to fill out surveys), it’s vital that you ensure this data is properly protected per the GDPR guidelines. If there is a data breach, you’ve got 72 hours to notify regulators; if you don’t, you’ll face enormous fines.
At WBG, we, too, are subject to the GDPR. We’re checking all the tools we use day-to-day to ensure that we’re compliant. Fortunately, they’re ready for us. Here are a few of the ways the digital marketing tools and software we use are making modifications:
- HubSpot has created a playbook detailing the changes they’ve made to help users become compliant.
- Gravity Forms offered instructions for adding a required checkbox to forms that need to be compliant.
- MailChimp also provided direction to ensure that your email forms are GDPR-friendly.
- Google Analytics updated their information to reflect the impact the GDPR will have on their data
There are other common tools that have already made any necessary modifications— you don’t have to do anything to stay compliant. These include:
Click-through to learn about the updates each of these tools have made to be GDPR-compliant.
Of course, it’s important to note that we’re not attorneys. We STRONGLY encourage you to discuss any questions you might have with someone who has more knowledge of the law than we do— even though we do watch a ton of Law & Order.
The GDPR is the new normal. Take the time to familiarize yourself with the rules and implement them ASAP. Prince Charles isn’t going to stop taking surveys anytime soon.