March 13, 2018
The General Data Protection Act is almost here!
Are you prepared?
MANY companies do not realize the extreme impact of the new regulation in the EU that is about to hit the world. When it goes into effect On May 25, 2018, this new regulation promises to radically change every phase of consumer data management within the EU—and WORLDWIDE.
Should you worry about GDPR Compliance?
• GDPR Compliance is a must if your company processes information on anyone from the EU
• GDPR Compliance is a must if your company processes the data of minors
• GDPR Compliance is a must if your company is not IMMEDIATELY ready to report data breaches – GDPR requires a tested breach-response plant that meets 72-hour notification requirement.
• GDPR Compliance is a must if your company stores information for extended periods of time
The new regulation places strict data protections for all persons within the EU and places limits on the export of personal data outside the EU. All companies that possess lead, prospect, or customer data about persons located in the EU will be affected. This includes anyone who has signed up for your newsletter, company information, alerts, purchased a product, and more.
The regulation is confusing, and many likely don’t appreciate the scope
Simply put: What was acceptable usage of customer data will completely change on May 25, 2018
GDPR does not allow your existing data to still be used in the same way after May 25, 2018: There simply is no grace period and no grandfather clause. In other words, if your existing customer data was collected in a way that is not GDPR-compliant (probably true for almost 100% of companies), then you can no longer use it once GDPR takes effect.
Is my data affected?
If an organization based in the US (or any non-EU country) offers goods or services in the EU market, the organization will be expected to be compliant. Even if a company is not physically present in the EU, it will be expected to comply if it processes the personal data of EU residents or visitors.
It applies to any organization that processes EU consumer data, no matter where the company resides or where the servers that collect, store, and process the data are located.
The definition of PII has been expanded significantly to include location data, cookies, device IDs, and even IP addresses.
The GDPR introduces strict and narrow rules on how to obtain consent from customers before collecting and using their data. You can collect information about your customers only if they explicitly allow it for a specific purpose.
Customers need to be able to view what data is being collected and what they gave approval for, and they need to be able to change those individual approval settings at any time easily.
Even with consent, customer data can be gathered only for an explicit, specific purpose. Companies will no longer be able to bundle a wide variety of data with no clear objective.
EU residents can request to have their personal information completely erased from a company’s database upon request. This requirement means that all of the consumer data you’ve been collecting over the years could be lost forever if customers wish. More important is that you need to be able to execute this deletion of data across all your systems and databases that make up your sales and marketing automation stack—including systems maintained by third-party contractors. Then clearly demonstrate successful completion of the process.
You will have to make the extra effort to re-collect approval from your customers to continue to use their data, and you need to do so in a GDPR-conforming manner.
Ramifications of non-compliance are costly!
Businesses who do not adhere to the requirements will be faced with fines ranging between €20,000,000 ($25 mil) and 4% of their annual global turnover – whichever is higher.
Soon, demonstrating GDPR compliance will be everyone’s top priority
Right now, you have the unique opportunity to get ahead of the curve and see how to protect your business immediately. And when the hands of your competitors are tied by last-second solutions, you are free to seize the moment and surpass them!
Contact us and benefit from a complimentary no-obligation consultation on dealing with the General Data Protection Act: info@LHRDigitalConsulting.com