By now, you are likely aware that on May 25, 2018, a new data privacy law introduced in Europe called the General Data Protection Regulation (GDPR) will come into force, impacting how businesses collect and process data.
In short, if you collect or process any data that belongs to individuals living in the European Union (EU), you will need to adhere to the new law – or risk fines and/or lawsuits.
What does this mean for businesses from a marketing perspective?
Technically nothing if you do not store data of or communicate with anyone in the EU. If you do, you must ensure that personal data is gathered legally, protect it from misuse, and respect the rights of the data owners.
What is personal data? Good question. Personal data includes, but is not limited to, basic identity information, location, IP address, cookies, device ID, health-related information, information about children, religion, biometric data, racial or ethnic origin, political views and sexual orientation.
New regulations such as this will undoubtedly begin to scale globally. Therefore, start preparing now by ensuring safeguards are built into products and services from the earliest stage of development, providing “data protection by design” in new products and technologies.
Additionally, if you are actively communicating with anyone in the EU, or think there’s a slight possibility you might be, we recommend reaching out to your customers and asking if they want to be part of your database – while informing them how you’ll use their data.
What does this mean for you, personally?
Again, technically nothing if you live outside the EU. However, these regulations will begin to force global companies to consider best practices when collecting and processing data, which will ultimately benefit you as a consumer. But if you DO live in the EU:
- You are promised easier access, in a clear and understandable way, to how your own personal data is processed and used.
- You have the legal right to opt out and/or “be forgotten” (request your data be deleted).
- Companies will be required to notify you within 72 hours of any data breaches where your personal information may have been compromised and/or exposed on the internet.
While we’ve done our best to simplify the concept, admittedly some of the regulation terms are a bit vague. Therefore, companies will need to navigate this risk in a way that complies with mainstream interpretation and their own risk tolerance.
Bottom Line: If you don’t know where your data came from – don’t use it. That is a good rule of thumb regardless of regulation requirements.