The General Data Protection Regulation (GDPR) went into effect last month. It was passed by the European Union (EU) with the intent to protect the private information of internet users throughout the EU by giving them more control over their data.
But the implications of this law are actually global. They impact how businesses located in the United States will go about reaching new global customers.
What is GDPR?
One of the advantages of marketing on the internet has been the ability to reach new customers. For some U.S. based businesses, it has opened up new markets in Europe.
That may become more difficult with GDPR.
The EU took action because large companies such as Wells Fargo have been careless with our personal data in the past. Very little was done, though, to make sure these breaches would not happen again in the future. Money.CNN.com explains that this new law’s aim is to make privacy the default position for companies that handle our personal information.
As Nilehq.com describes it, “It will affect any business holding personal data on customers, prospects or employees based within the EU.”
More importantly, though, it also has teeth. The GDPR will hold any firm responsible that collects the data of EU citizens. Those organizations that don’t take the proper steps could be fined 4 percent of their annual global sales.
Any business—located anywhere in the world—that holds or collects personal data on those living in the EU must comply with this law. That includes the collection of email addresses for marketing purposes. That means growing those email lists will require additional steps in order to comply.
It also impacts third-party businesses that might not have customers themselves in Europe but that supply services to those that do. Money.CNN.com reports that the cost of complying with these regulations for Fortune 500 businesses is estimated at $7.8 billion!
Collecting Data Under GDPR
Companies can still collect personal data of EU citizens but they must prove they have a lawful reason. Having a contract or some other legal obligation gives them permission.
Organizations can also get the consent of EU citizens to collect and store their data. GDPR makes it clear, though, that the language used by businesses must be plain and clearly understood. Companies may no longer hide the consent in a Terms and Conditions section.
While the new regulations might represent some compliance challenges for businesses, they are necessary. Too many breaches have occurred putting the personal data of individuals at risk.
Marketers in the U.S. need to be more careful about who they target, and how they collect and store personal data. Carelessness could end up costing a business millions.
Do you have questions about GDPR regulations? Call Social Flair Marketing today at 513-237-5530.
If you found this information useful you can subscribe to my updates by clicking HERE.
Bob Turner is a Digital Marketing Consultant with RevLocal in Cincinnati, Ohio.