TL;DR
- GDPR is enforced by the EU and applies from 25th May 2018.
- Companies collecting the data of European clients, wherever they are located, must comply with GDPR.
- Failure to comply can result in fines of up to 4% of annual global revenue or 20 million euros, whichever is greater.
The internet has taken over us. When was the last time you paid your phone bill offline? I haven’t done that in the past 4-5 years.
Surprising but scary… The internet has changed how we do our everyday tasks, who we communicate with, and how we communicate. From sending emails to paying bills, we enter our name, phone number, address, and bank details without giving it a second thought.
Companies collect this information to enhance customer experience, offer relevant products and communications, and serve you better.
- What happens to your personal data that you’ve shared online?
- How much personal data is digitally stored?
But do they really use this data for that? Well, this is the question posed and explored by the EU. A new European privacy regulation called GDPR, or the General Data Protection Regulation, will come into force and will change the ways in which companies collect, store, and use our data.
According to a Dell survey, 80% of businesses know nothing or very little about GDPR.
A. What is GDPR?
GDPR, or the General Data Protection Regulation, is a new European privacy regulation that comes into effect on 25th May 2018.
It will apply to:
All companies storing personal information about European citizens, irrespective of the company’s location. For example, if I am an Indian company collecting the information of European citizens, I have to ensure my policies are revised as per GDPR.
Will I be Impacted?
If your business involves dealing with humans, it will be impacted. The EU has made clear that personal data about an individual is personal data regardless of the role that individual is in.
Even if you are a B2B company whose customers are companies, those companies are made up of individuals, so the regulation will still impact your business.
What all comes under personal data?
Any information related to a person, such as:
- Name
- Photo
- Email address
- Physical address
- Bank details
- Social media updates
- Medical information
- Computer IP address
- Anything!
What Rights Are There Under GDPR?
You will have the following rights:
1. The right to access
Implication to you as a customer: You can request access to your personal data and ask how the company is using it after it has been gathered.
Implication to you as a business: You will have to provide a copy of the personal data, free of charge, and in electronic format, if requested by the individual.
2. The right to be forgotten
If consumers are no longer associated with the company or its product, or if they opt out of the company’s list, they have the right to have their data deleted.
Implication to you as a customer: Once you opt out or are no longer their clients, you can ask the company to delete your data completely.
Implication to you as a business: If a customer asks for their data to be deleted, you must erase their records as if you had never known them.
3. The right to be informed
The individual has the right to be informed about the data collected by the companies.
Implication to you as a customer: For your data to be shared with the company, you have to opt in and give consent to be on any list.
Implication to you as a company: You need to inform individuals and obtain their consent before collecting their data, and that consent must be freely given rather than implied.
4. The right to data portability
This includes the right to transfer the data from one service provider to another. It must happen in a commonly used and machine-readable format.
Implication to you as a customer: You can ask your service provider to transfer your data to another provider of your choice.
Implication to you as a company: You will need a system that allows data to be transferred instantly.
5. The right to have information corrected
Individuals can have their data updated if it is out of date, incorrect, or incomplete.
Implication to you as a customer: You can ask the companies to update your information.
Implication to you as a company: Companies need to update the customer data whenever they are asked to.
6. The right to object
Individuals have the right to stop the processing of their data for direct marketing. Processing of any kind must be stopped as soon as the request is received.
Implication to you as a customer: You can ask the company to stop using your data for direct marketing purposes.
Implication to you as a company: You must make this right clear to individuals at the start of any communication.
7. The right to be notified
If there’s a data breach involving an individual’s personal data, they have the right to be informed within 72 hours of the company first becoming aware of the breach.
Implication to you as a customer: The company is obliged to inform you about a breach of your personal data.
Implication to you as a company: Inform the customer as soon as you become aware of the breach.
Motive of GDPR: To give prospects, customers, individuals, contractors, and employees more power over their data and less power to the organizations. These rules will regulate how companies collect, store, and use such data for monetary gain.
What Happens if You Don’t Comply with GDPR?
B. Implications of GDPR on Business & Customers
- Pseudonymization: Processing the personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.
- It applies to all businesses and organizations offering products and services to citizens in the EU.
- Companies need to appoint a data controller or data protection officer who takes care of GDPR compliance.
- Failure to comply with GDPR will result in fines of up to 4% of annual global revenue or 20 million euros, whichever is greater.
- It will impact each aspect of your business – IT, marketing, sales activities, company strategies, and how you communicate with your clients.
- Requirements for obtaining customer consent are stricter under GDPR: separate consent must be obtained for each processing activity. This will change companies’ marketing and sales processes; for example, you will have to follow double opt-in rules. Assuming consent, adding a disclaimer, or merely providing an opt-out option is not enough.
- Companies have to discover new ways of collecting and using customer data.
- Requests for irrelevant data must be eliminated. For example, when someone signs up on your platform, you must not ask for their business goals.
- You will need to spend thousands of dollars on compliance.
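The pseudonymization bullet above is the one item in this list that describes a concrete technique, so here is an added Python example of it (written for this page, not code from the original post). It assumes a secret key held by the business and a lookup table kept separately from the working data set as the "additional information"; the customer records are constructed sample data, and the function names (`pseudonymize`, `reidentify`, `erase_subject`) are this example's own. It also shows how dropping a person's entry from that lookup table leaves their working records unattributable, which is one building block for honouring the right to be forgotten discussed earlier.

```python
import hmac
import hashlib
import secrets

# Fields that directly identify a person; everything else stays with the record.
DIRECT_IDENTIFIERS = ("name", "email", "ip")

# Constructed sample customer records (fictional people, documentation IP ranges).
SAMPLE_CUSTOMERS = [
    {"name": "Alice Example", "email": "alice@example.com", "ip": "203.0.113.5", "plan": "gold"},
    {"name": "Bob Example", "email": "bob@example.com", "ip": "198.51.100.9", "plan": "basic"},
]


def make_pseudonym(key: bytes, identifier: str) -> str:
    """Keyed HMAC-SHA256 of an identifier.

    A plain SHA-256 of an email address can be reversed by guessing addresses
    and hashing them; with a secret key the pseudonym cannot be reproduced or
    checked by anyone who does not hold that key.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymize(records, key: bytes):
    """Split records into (pseudonymized_records, lookup).

    The returned records carry only a pseudonym plus non-identifying fields.
    `lookup` maps pseudonym -> direct identifiers; it is the 'additional
    information' and must be stored separately from the working data set
    (assumption: a different system with its own access control).
    """
    pseudonymized = []
    lookup = {}
    for record in records:
        pid = make_pseudonym(key, record["email"])
        lookup[pid] = {field: record[field] for field in DIRECT_IDENTIFIERS}
        stripped = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
        pseudonymized.append({"subject_id": pid, **stripped})
    return pseudonymized, lookup


def reidentify(pseudonymized_record, lookup):
    """Re-attribute a working record to a person; None when no mapping exists."""
    return lookup.get(pseudonymized_record["subject_id"])


def erase_subject(lookup, key: bytes, email: str) -> bool:
    """Drop a person's mapping so their working records can no longer be attributed.

    Returns True if a mapping was removed, False if the person was unknown.
    """
    return lookup.pop(make_pseudonym(key, email), None) is not None


def contains_direct_identifiers(records) -> bool:
    """Sanity check: True if any record still carries a direct identifier."""
    return any(field in record for record in records for field in DIRECT_IDENTIFIERS)


if __name__ == "__main__":
    # In production the key would come from a secrets manager, never the data store.
    key = secrets.token_bytes(32)
    working, mapping = pseudonymize(SAMPLE_CUSTOMERS, key)
    print(working[0])                       # subject_id + plan, no name/email/ip
    print(reidentify(working[0], mapping))  # possible only with the mapping and key
    erase_subject(mapping, key, "alice@example.com")
    print(reidentify(working[0], mapping))  # None: no longer attributable
```

Two caveats a practitioner would check: the key and the lookup table must not live next to the working data, or the "additional information" is not really separate; and a pseudonymized record can still identify someone through the remaining fields (a rare plan type plus a sign-up timestamp, for instance), so this is a risk-reduction measure, not anonymization.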
C. Preparing for GDPR May 2018
GDPR might sound scary, but it isn’t, provided you are prepared.
1. Be aware of your company’s data
Find out where all the personal data in your business comes from, and map what you do with it, who can access it, where it is stored, and whether it carries any risk.
2. Make people aware of the data
Everyone who handles your clients’ personal data at any stage must be clear about GDPR and its policies.
3. Keep information that’s necessary
Remove data that isn’t used or necessary. Don’t collect a lot of data without any real benefit. Before you ask for any data, go through these questions:
- Why are you saving all this data?
- Why aren’t you deleting this data instead of archiving it?
- Are all these categories of personal information really required?
4. Data officers must be appointed
If you have a large organization (>250 employees), you must appoint a data officer or collector for systematic monitoring or processing of sensitive personal data.
5. New Sales Techniques
You should educate your sales team about social selling techniques. Representatives should connect with prospects on social media and share valuable content rather than trying to reach them by email directly.
6. Review your documentation
Your old way of assuming opt-ins and implied check-ins will not be acceptable anymore. You must explicitly ask for consent to acquire and process personal data.
Conclusion
There’s nothing scary about GDPR if you’re prepared. However, non-compliance will cost the company heavily in fines. Wish to know more about GDPR? Drop us your question in the comment section below.