The Layman’s Guide to GDPR
Wondering why you should care about a regulation in the EU? The GDPR applies to any organization that does business with EU residents. So basically, if you do business online, it could very well apply to you. If you’re a US business but you’re knowingly conducting business in the EU, GDPR can and will be directly enforced by EU member state authorities. Your business may even be required to designate an EU representative. If you’re a small business that’s not actively or knowingly doing business in the EU, the rules get a bit murky. If the collection of personal data is deemed to be occasional and doesn’t put individuals’ rights and freedoms at risk, the inadvertent collection of personal data may be forgivable, leaving your company at the mercy of the country impacted.
So what do I need to know?
In a nutshell, GDPR requires organizations that collect personal information to better inform users about what information is being collected, and how it’s being used. It also requires them to give users more control over these actions.
If GDPR applies to your organization, it’s best to have your own legal counsel ensure complete compliance. But if you want to get the general idea, this GDPR Playbook from HubSpot is a great place to start. HubSpot’s GDPR Playbook includes a summary of improvements, instructions for turning on GDPR functionality in HubSpot (a powerful lead-gen platform that we help manage for a number of our clients), tips for creating a GDPR strategy, and more.
Looking for just the Cliff Notes? HubSpot also offers a quick video to help you get your feet wet before jumping all the way in.
So why did GDPR happen in the first place?
We’re living in uncharted waters in this digital age. Our access to, and use of, digital technology seems limitless. But with that comes a cost: a ginormous increase in the amount of personal data floating around in the digital space. The GDPR aims to bring organizations that collect personal data up to speed by modernizing outdated (pre-digital) personal data laws. The GDPR is just a first step towards a more secure digital and online world.
How will GDPR be enforced?
Since many businesses are just beginning to come into compliance with GDPR, only time will tell the long-term impact. What is certain is that GDPR will disrupt the current model of personal data as currency, and in some cases, turn it into a liability.
While this greatly limits the free rein that organizations have had over individuals’ data to date, the implementation of GDPR may help restore trust between consumers and businesses. For example, the new incentives for data protection and security mean that organizations can no longer wait weeks or months to report a data breach (in the EU at least) and must inform customers within 72 hours.
Failure to comply with GDPR is met with serious penalties. Fines will no longer be laughable to the bottom line; they will be based on an organization’s annual global turnover: up to 4% or €20 million, whichever is greater. OUCH.
If those fines aren’t incentive enough to become GDPR compliant, victims of data breaches will also be empowered to file class action lawsuits. And in the end, the damage to an organization’s reputation and brand will likely be the most motivating consequence.
Is there an impact of GDPR on individuals outside of the EU?
The best place to embrace GDPR as an individual starts with all of those privacy update emails filling your inbox – open them. It’s the perfect opportunity to opt-out and remove yourself from subscriptions and subsequent data archives that you no longer need or use, most of which you’ve probably long forgotten about. This won’t have the same impact as if you were in the EU, but it’s a great place to start.
What’s next for GDPR?
While GDPR has yet to be adopted by the US or the rest of the world outside the EU, it’s time for US businesses to pay attention. The call for individuals to have rights over their own data is growing louder by the day. Individual consumers’ data, and their right to protect that data, are now at the forefront of the digital conversation.
As GDPR plays out in Europe, the world will be watching. What loopholes will be found? How will organizations and consumers react to the rollout? How will it impact small businesses? Will it actually improve consumer data protection?
One thing is for sure, GDPR will change the conversation around digital data privacy – and the empowerment of consumers to be in control of their online experience is here to stay.
Ethos is a multiplatform branding agency that develops and executes integrated marketing campaigns across multiple channels for companies inside and outside of Maine.