The business implications of GDPR
The new data protection law gives consumers more rights and poses a challenge for companies to comply with the new guidelines. In short, the GDPR applies to all companies and organizations based in the EU, regardless of whether the data is processed in the EU or not.
Organizations that are not based in the EU are also subject to the GDPR. If a company offers goods or services to citizens in the EU, it must comply with the GDPR. All organizations and companies that work with personal data must appoint a data protection officer who monitors compliance with the GDPR and is responsible for violations.
Businesses and organizations that fail to comply with the GDPR face severe penalties of up to 4% of global annual revenue or €20 million, whichever is greater. Many people think that the GDPR only affects IT, but this is a mistake. The new regulation has far-reaching consequences for the whole company, including its marketing and sales activities.
The Impact of GDPR on Customer Interactions
The conditions under which consent is obtained are stricter under the GDPR, because individuals have the right to withdraw their consent at any time. In addition, consent is only considered valid if separate consents have been obtained for different processing operations.
This means you need to be able to prove that the person has consented to a specific action, such as receiving a newsletter. It is not allowed to assume implied consent or to add a disclaimer, and it is not sufficient to offer an opt-out option.
These changes affect many areas of the company, for example the implementation of marketing and sales activities. Businesses need to review their business processes, applications, and forms for compliance with the double opt-in policy and email marketing best practices. To opt in to receive information, customers must fill out a form or tick a box and then confirm this in another email.
Companies must demonstrate that consent has been given in the event that an individual opts out of receiving information. This means that all stored data must have an audit trail, with timestamps and reporting data, showing which operation the individual consented to and how.
Even if you are purchasing marketing lists, you are responsible for properly obtaining consent. This also applies if a supplier or partner is responsible for collecting the data.
In the B2B area, sales staff often meet potential customers at trade fairs where they exchange business cards. Then, later in the office, they add the contacts to their company’s mailing list. In 2018 this will no longer be possible. Businesses need to find new ways to collect customer data.
First preparations for May 2018
An important component of the GDPR is privacy by design.
Privacy by design requires all departments to take a close look at their data and data processing. Organizations need to take several actions to comply with the GDPR. Here are just the first essential steps to get you started:
1. Overview of your company data
Create an overview of the personal data in your company and document how you handle this data. Determine where this data is stored, who can access it, and if the data is at risk.
2. Determine the data you need to keep
Do not store more information than necessary and delete any data that is not used. If your company collects a lot of data without any real use, you will have to change this with the new GDPR. The GDPR requires disciplined handling of personal data.
When cleaning your data, ask yourself the following questions:
- Why exactly are we archiving this data instead of deleting it?
- Why do we store all this data?
- What is the purpose of collecting different categories of personal information?
- Is there a greater financial benefit if you delete this information rather than encrypting it?
3. Taking Security Measures
Develop and implement safeguards across your entire infrastructure to prevent data breaches. This means implementing security measures that protect data and taking swift action to notify individuals and authorities when a data breach has occurred.
Also check the procedures of your suppliers. Outsourcing does not relieve you of your obligations. You must ensure that your suppliers have also taken appropriate safety precautions.
4. Review your documentation
Under the GDPR, individuals must give their express consent to the collection and processing of their data. Pre-checked boxes and tacit consent are no longer allowed. You must review all of your privacy statements and disclosures and adjust them as necessary.
5. Establishing procedures for processing personal data
As previously mentioned, individuals have eight fundamental rights under the GDPR. You must establish policies and procedures for handling each item.
- How can individuals properly give their consent?
- What process is used when an individual requests that their data be deleted?
- How do you ensure that the data is really deleted from all systems?
- What do you do if a person wants to transfer their data?
- How do you verify the identity of the person who made the data portability request?
- What communication plan do you have in the event of a data breach?
In the new world, data is a precious currency.
And while GDPR poses many challenges for us as a company, it also presents opportunities.
Companies that demonstrate they protect an individual’s privacy (beyond legal requirements), are transparent about how data is used, and develop and implement new and better ways of managing customer data throughout the lifecycle inspire trust and attract more loyal customers.
May 2018 may seem far away at the moment, but a year goes by quickly. If you haven’t started implementing the new guidelines yet, you should do so now.
Take the time to identify the steps required to be compliant with the new regulation and use the practical tips in this article to begin implementation.
Then create an action plan for GDPR implementation so that you can face May 2018 with confidence and answer any questions your customers may have about compliance with the new regulation.