In recent times, I have received several emails about updated privacy terms of service from most of the websites and apps that I use. All of them have something to do with GDPR, which takes effect on May 25th, 2018.
You too have probably received a few emails like these in your mailbox.
GDPR is Europe's General Data Protection Regulation. It is a regulation on data protection and privacy for all individuals within the European Union. The idea behind this new legislation is that companies should adopt “safety by design” protection strategies for their customers if they offer goods or services to EU citizens.
According to the regulations, irrespective of the location of your business, you need to comply as long as you serve users from Europe. For example, I work at an online payment gateway that supports users globally (a good number of them are in the EU zone). Therefore, we have obligations to comply. Hence, we have updated our data and privacy guidelines, giving users the opportunity to manage their preferences, such as opting out of our services, collating their data and initiating the “forget me” feature.
Failure to comply with GDPR attracts varying degrees of penalties, which can be up to €20 million or 4% of worldwide annual revenue.
Even if your business does not serve citizens of the EU, you need to be aware that the African Union recently released its own data protection guidelines called Personal Data Protection Guidelines for Africa (PDPGA). The document (available as PDF) bears a lot of resemblance to GDPR. In order to be on the good side of the law, this is definitely a good time to review your business readiness for GDPR compliance.
Are there any benefits of GDPR to my business?
On the surface, it looks like GDPR is only about the users, with no clear benefit to companies. But this regulation creates business benefits and operational efficiencies for you.
Let’s look at a few of them.
Your business enjoys greater consumer confidence
One immediate benefit of GDPR compliance is that it shows your business values your customers and that you want them to have control over how you manage their personal data and privacy.
In recent times, organisations that abuse users’ data by profiting from it without their knowledge have been facing litigation and backlash. The most recent example involved Facebook and Cambridge Analytica.
So, it is a good idea to comply and use it to grow your appeal to your users.
Your marketing is more effective
Your marketing efforts can benefit from compliance with GDPR, especially if you invest in email marketing. Since you are now required to get consent from people before you start sending them emails, you send messages only to people interested in hearing from you, and you can gain a lot of insight and real business value from segmenting your user base. This will lead to improved customer satisfaction as well as eliminate redundant data from your database.
So, how do I get my company ready for GDPR?
For example, you are required to comply with the following:
- User Consent: Your users need to give you their consent, and that consent can also be withdrawn at any time.
- Transparency: You will need to inform your users about any personal data you are storing or processing. They also have a right to know the third parties with access to their data. For example, PayPal recently released the list of 600 partners they share your data with.
- Data Breaches: If your customers’ data is breached, you need to inform the individuals concerned as well as notify the supervisory authority.
- Rights to access, portability and erasure: Your users have a complete right to all the data you store about them and can demand that you transfer that data to other organisations, including your competitors, or erase their personal data from your servers.
Helpful tools to navigate GDPR compliance
Complying with all these regulations requires you to invest in new sets of tools. The good news is that there are free tools you can get started with.
- Secure Privacy: This tool audits your website and gives you an assessment of your GDPR readiness. You can also use the platform to design a GDPR compliance for your business, that can be instantly published on your website by embedding HTML code, or as plugins for specific CMS platforms.
- GDPR Wall: This tool builds an opt-in wall you can implement on your website that helps you manage user preferences and permission settings before users can access your service.
- Other helpful resources: Since GDPR affects how you use data, it will have an impact on your sales and marketing efforts, so keep the tips in this article and this article on impact of GDPR on growth marketing in mind as well as this helpful resource kit (if you do a lot of email marketing).
This is the week -- 25th May, 2018 -- that GDPR is coming into effect (depending on when you are reading). I believe this regulation is good news for consumers as it gives you more control over how companies use your personal data.
It should also be good news for businesses that look beyond the compliance penalties to the opportunities their business can maximise as a result.
Welcome to a post-GDPR world and get your business ready for it.