Businesses Need to Know GDPR

The European Union’s General Data Protection Regulation (GDPR), which will become enforceable May 25, is being hailed as the most important change in data privacy regulation in 20 years. Companies worldwide need to prepare now because once the law takes effect, violators could face fines of up to 4 percent of their annual turnover.

The GDPR is designed to harmonize data privacy laws across European Union member nations and to reshape the way organizations approach data privacy. Under the terms of the law, companies must get “explicit” consent from consumers before collecting and using personal data about them. The EU’s GDPR Commission defines personal data as “any information relating to an individual, whether it relates to his or her private, professional, or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”

And the rules apply not just to companies based in Europe but to companies anywhere in the world that do business with consumers in any of the 28 nations that make up the European Union.

Eric Holtzclaw, chief strategist at PossibleNOW, a provider of preference management and marketing solutions, and author of Laddering: Unlocking the Potential of Consumer Behavior, says the new law will change the traditional paradigm for most businesses. “In this case, it’s thinking about that customer in a different way. They [have a right to] know what I have on them and how I’m using it,” he says. “What this does is highlight what a company may know about me, or at least I have the right to know it.”

Experts agree that the new law has big implications for marketers specifically. Constellation Research has put forth a five-item GDPR preparation checklist for marketers.

The first recommendation is for chief marketing officers to appoint an individual or team to oversee the handling of marketing data. Additionally, it proposes a thorough review of current mailing lists and all data collection and handling procedures.

The second recommendation consists of actions to take when collecting personal data. On websites and web forms, this includes providing clear consent wording and establishing an age-verification process. Other ways to get the required consent could include check boxes or other fields for consumers to mark indicating their willingness to receive marketing content. For validating countries, a “Country of Residence” field should also be available.

The third recommendation is to actively manage existing contacts and leads in a database. Companies should consider sending all active European contacts a new request to re-verify their email addresses and renew their consent to receive communications by email, mobile app, phone, or direct mail. Additionally, companies should consider creating a communications preference center that allows customers to manage their own preferences.

The fourth recommendation is to include clear privacy policy directions that detail what data is being gathered, how the data is stored, and how to contact the organization. Additionally, companies should notify customers about privacy policy updates.

The fifth recommendation is to design a data breach plan. This includes publishing as much information about the breach as possible, as quickly as possible, on the company website or via a microsite as well as providing assistance to customers who suffer negative consequences as a result of the breach.

“Even if it truly doesn’t impact your organization, awareness and knowledge is power. At least understand what GDPR is,” advises Cindy Zhou, vice president and principal analyst at Constellation Research. “Being prepared is better than not. Knowing what [GDPR] is, understanding it, and having an action plan is very important. GDPR for Europe is just the beginning. [By] having a plan and being prepared for this, if regulations continue to change and tighten later on, you’re at a great spot.” 

Related Articles

PossibleNOW and Scribe Software Announce Partnership

The union is designed to enable customers to accelerate preference-data and application integration ahead of the EU's GDPR.

Openprise Announces New GDPR Compliance Features

The latest version of the company's Data Orchestration Platform features new capabilities for GDPR compliance.

3 Data Professional Roles Every Company Wants to Fill

Digital transformation requires sound analytics and insights, and that requires the right personnel to manage your data.