The internet has changed the way humans interact. We are plugged in and connected 24/7, and face-to-face communication is slowly becoming less common and less desired.
Every day we send emails, texts, reminders and important documents to one another. We pay bills and buy goods online using our personal data, including credit card details. Even our mortgage repayments are handled online.
During all this information sharing it’s quite natural to wonder what these companies are doing with your details once they acquire them.
Banking habits, contact lists, social media interactions, IP addresses, clothing sizes, even the time of day you are most active online: if you have ever filled it in, chances are someone has it.
Companies have been defending their practice of holding on to this data for years. Many claim that collecting it lets them offer products and services that are more targeted and relevant to you, all aimed at giving you a better customer experience.
But should we trust that these multimillion-dollar global companies are using our information purely to suggest a new t-shirt we might like?
The rundown so far:
As of 25 May 2018, the GDPR is in force. It changes the way businesses may collect, store and use their customers' data.
The General Data Protection Regulation (GDPR) is a data protection law adopted by the European Union. It requires companies that process the personal data of individuals in the EU to protect that data properly, and it gives those individuals enforceable rights, including the "right to be forgotten" (the right to erasure), meaning a company must permanently delete a person's data when asked to, unless it has a lawful reason to keep it (for example a legal obligation to retain records).
A significant chunk of international companies that also operate in the EU are simply applying the new standards across the board for all users, since that is the most natural implementation. The upside is that non-EU users benefit from the extra protection as well.
Simply put: the law forces any company that collects, stores or processes personal data on EU residents, whatever its size, to be open about what data it holds, why it holds it, and who it shares it with.
The reason this has become global news is that the law applies to any company with a digital presence in the EU, not only to companies based there. Now that the regulation carries the force of law, businesses face severe fines for failure to comply: up to €20 million or 4% of annual worldwide turnover, whichever is higher. Complaints filed against Google and Facebook on the very first day of the law sought fines that reportedly ran into billions of dollars.
How can I prepare for the GDPR?
If your business currently operates digitally or physically within the EU, there are steps you can take to stay compliant with the GDPR.
Begin by working with a legal expert to understand the new privacy law and how it affects your business and its operations. Once you fully understand the requirements and which areas of your company they touch, you will be better placed to steer the company in the right direction.
Educate the whole team.
Your staff should be just as educated on the matter as you are. They need to know the responsibilities they now have when handling the personal information of co-workers, customers, partners and anyone else. It is crucial that your management team not only understand the law change but also understand why it matters.
Choose a point of contact.
Mid-sized to large companies may want to consider appointing a data protection officer (DPO), who is accountable for keeping up with changes in data privacy law and for overseeing compliance. Note that the GDPR makes a DPO mandatory for some organisations, such as public authorities and companies whose core activities involve large-scale monitoring of individuals or large-scale processing of sensitive data. For smaller businesses it may make more sense to bring in an external contractor when needed. Either way, having a named person in charge of, and aware of, data protection law ensures no nasty surprises pop up.
Get on top of your data.
First, identify which of your company's data is covered by the new law. Personal data tends to live in many places: emails, HR documents, purchase orders, landing page forms, backups and analytics tools. For each store, record where the data is kept, who has access to it, who controls it and why it is being processed. From there you can assess the situation and implement company-wide policies on how personal and sensitive data should be handled.
Review your contracts.
The GDPR creates the need to review your current and new contracts closely. Every third-party vendor or provider that processes personal data on your behalf must have clear policies that follow the regulation, and the GDPR requires a written contract with each such processor setting out what they may do with the data. Signing a contract in one country does not guarantee that your data will be stored and processed in that country, and transfers outside the EU need appropriate safeguards. Just as you do for your own internal data management, understand your broader network and how your vendors store, process and access your business's data.
If your company holds personal information on EU residents, you need to be able to handle data subject access requests (DSARs) as part of your GDPR compliance strategy. In practice this means having systems in place that can identify, collect and hand over everything you hold about an individual, in an accessible format, on request. The regulation expects a response without undue delay and within one month, so ad-hoc searching through mailboxes and spreadsheets will not scale.
Transparency is vital when it comes to successfully adjusting to the GDPR. The more open you are about how you use personal information, the more trust you will gain from customers; it is no secret that people want to trust who they are buying from. Consumers are more likely to use a company that is upfront and honest about what information it holds and how it will be used. It would seem we are approaching an age in which companies that embrace the GDPR could gain a competitive edge by earning the trust of existing and new customers.