GDPR is approaching fast. Are you ready?
Here’s everything you need to know, along with a few handy resources.
“The EU GDPR will impact the lives of more than 500 million people in 28 countries and will attempt to provide consumers the improved privacy and protection they’ve been demanding without stifling a business’ ability to innovate and market itself,” writes Kevin Lynch at Instapage.
He adds that the coming regulation will have “a profound effect on business, regardless of the size of an organization. Facebook, Alphabet, Apple, and possibly you, will have to adhere to the wishes of the consumer and guarantee that they have ultimate control over how they want their data used.”
Penalties for not complying with the new rules will be stiff. According to Lynch, authorities “will have the power to fine anyone in violation of the GDPR. Fines can go up to four percent of annual global sales or €20 million (US$21.1M) — whichever is higher.”
It’s worth noting that the UK government has indicated that GDPR will still be enforced there, despite the country’s pending exit from the EU.
Preparing for GDPR
“The GDPR guidelines will mean you will need to review both how you capture and how you process user data,” writes Alan Ilhan at Email on Acid, who shares eight steps he’s tailored specifically for non-UK marketers to help ensure compliance on Day One.
–Awareness – Make sure decision makers and key people in your organization are aware that the law is changing to the GDPR.
–Information you hold – You should document what personal data you hold, where it came from and who you share it with.
–Communicating privacy information – You should review your current privacy notices and put a plan in place for making any necessary changes.
–Individuals’ rights – You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically.
–Subject access requests – You should update your procedures and plan how you will handle requests within the new timescales.
–Lawful basis for processing personal data – You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice.
–Consent – You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
–Data breaches – You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
It may be natural for marketers to view GDPR as burdensome; however, Lund sees an upside.
“While GDPR does create challenges and pain for us as businesses, it also creates opportunity,” she writes. “Companies who show they value an individual’s privacy (beyond mere legal compliance), who are transparent about how the data is used, who design and implement new and improved ways of managing customer data throughout its life cycle, build deeper trust and retain more loyal customers.”
In addition to the resources linked above, these can help marketers understand and prepare for GDPR:
GDPR Portal – The “official” GDPR website
GDPR:Report – “How marketers can take action on GDPR today”
The Direct Marketing Association – “What U.S. marketers must know and must do about GDPR”
Econsultancy – “How should non-EU businesses prepare for the GDPR?”