If you’re in the digital marketing or analytics industry, you have probably been inundated by communication from vendors and partners regarding the General Data Protection Regulation, often referred to as (GDPR). Below, we’ve highlighted what GDPR is, why you should care, what impact it will have on your business, and what actions you need to take.
GDPR standardizes data protection law across all European Union (EU) countries and imposes strict rules on how personally identifiable information can be collected, stored, and used. The law goes into effect on May 25th, 2018, and all organizations working with the data of EU citizens must comply or face heavy fines. GDPR applies to every business that collects data from customers in the EU, regardless of the company size, location, or intentions.
GDPR applies to all organizations that handle the personal data of EU residence. Many companies located outside the EU are unaware that the new EU data regulation applies to them. If an organization offers any products, services, or information to EU residents, it must meet all GDPR compliance requirements. Gartner predicted that up to 50% of American firms will not be compliant. Those organizations that do comply with the required transparency should help to build brand trust and equity among consumers.
Fines for noncompliance can be significant. A maximum fine of 4% of global revenues can be applied to companies that fail to gain user consent or violate core data security expectations. Lesser fines of 1-2% of revenues can be applied in situations where a company keeps incomplete records or implements insufficient data controls. GDPR requires organizations to appoint a Data Processing Officer (DPO) for EU government entities or public bodies or a company that either processes or monitors data subjects or sensitive information for citizens of the EU on a large scale.
Below are a few steps that can help guide you for GDPR compliance:
In our opinion, it’s a matter of time before the US government takes action on data collection. With Facebook data privacy being a “hot button” issue currently, antitrust questioning, data collection, and consumer privacy are on the radar of the US government and citizens who watched the Congressional hearings. You would think that the US government is closely watching and measuring the impact of the GDPR to see if it’s worth considering within the US.
Resources: