Starting on May 25, 2018, companies in a wide variety of industries will face new rules and restrictions when it comes to handling customer information. The European Union General Data Protection Regulation, or GDPR, will require companies to have a lawful basis, most often the individual’s consent, before they capture and process personal data. While the law protects individuals in the EU rather than any particular nationality, any company that offers goods or services to people in the EU, or monitors their behavior, will have to comply wherever it is based.
1. What Is the GDPR?
The EU Parliament approved the GDPR in April 2016 after four years of debate. The purpose of the legislation is to harmonize data protection law across the EU and protect the personal data of individuals in the EU. Where a company relies on consent as its lawful basis, that consent must be freely given, specific, informed and unambiguous, and the request for it must be “clearly distinguishable” from other matters in the same document. In practice this means individuals actively opting in to the collection of their data rather than being opted in by default. Consent is only one of the lawful bases the regulation recognizes (performance of a contract and legitimate interests are others), but it is the one most relevant to marketing and audience data. There are two interesting facts to consider with this legislation. First, while the law is designed to protect people in the EU, the global nature of the internet means that companies outside the EU will find themselves bound by these new rules. Second, the penalty for the most serious violations of the GDPR can be a fine of up to 4 percent of annual worldwide turnover, or €20 million, whichever is greater, with a lower tier of 2 percent or €10 million for other breaches.
2. How Client Relationships Are Changing
The GDPR requires companies processing the personal data of individuals in the EU to protect it, and it imposes stricter conditions on special categories such as health data and biometrics. Where processing rests on consent, customers will have to actively opt in, and the contracts or agreements they accept must be written in clear and plain language rather than buried in terms of service. Companies will no longer be able to collect information on anyone they wish without oversight. Some companies have already been criticized for trying to bypass these new rules. For example, Facebook is now asking users to opt in to data collection, but those who don’t wish to opt in must click through several pages before being able to refuse, even though the regulation requires that consent be freely given and that withdrawing it be as easy as giving it. Facebook, like other companies, relies on this data for branded content and ad engagement and will still try to collect it when possible.
3. Increased Compliance Costs
According to one study, GDPR compliance costs for the world’s largest companies could average approximately $16 million each. Part of that cost is the implementation of new processes and procedures to protect customer data. Companies will be required to keep records of their processing activities, which in practice means building a data map that documents what customer data is collected for each product or service, why it is collected, where it is stored and with whom it is shared. Companies will also be required to follow “privacy by design” (the regulation’s own term is data protection by design and by default) when developing new products and will have to put appropriate technical and organizational measures in place to secure customer data. These processes are a challenge for large multinational firms, which have many overlapping divisions, as well as for small businesses, which may not have the staff to ensure compliance promptly.
4. Greater Responsibility for Vendor Activity
In the past, many companies outsourced data collection and processing to vendors who might operate with less stringent security standards. This is no longer acceptable under the GDPR. A company that decides why and how personal data is processed (the controller) may use only vendors (processors) that provide sufficient guarantees of compliance, and must bind them with a written contract. This means that contracts with market research or audience insights vendors must clearly state what data the vendor may process and for what purpose, the security measures it must apply, its obligation to report any personal data breach to the company without undue delay, and what happens to the data when the engagement ends. Getting there may first require communicating across the enterprise to ensure that executives have a definitive list of every vendor that handles customer data.
The GDPR might be a European invention, but its impact will be felt worldwide. Any company that collects and stores customer data, which is virtually any modern company, will need to adapt its practices starting in May 2018. While this new law does empower and protect consumers, it can make a company liable for massive fines if it doesn’t police its vendors and ensure all business units are in compliance.
To help make the transition easier, companies can rest assured that Insticator is following the legal standard and approach for GDPR with regard to data opt-in, storage and compliance reporting. It is also important to note that information submitted via Insticator’s embed technology is first-party data provided directly by the user. This creates a more trusted experience for the user while boosting reader loyalty, time spent on page and content monetization.