What is GDPR?
General Data Protection Regulation.
That’s what GDPR stands for, for all of you with acronyphobia. Although it’s muted by its bland name, this law is making a few waves. Worrying won’t give you anything but wrinkles, but there are some things you need to watch out for.
This One’s One To Watch
This little law is a product of a four-year brainstorming session that the European Commission undertook in 2012 to lay some data protection ground rules to make internet life in the EU “fit for the digital age.” If the internet is the Wild West, then GDPR is an eager young sheriff with an eye for data collection restrictions.
Seeing Through The Misinformation
There are plenty of rumors and guesses out there about what this means for private businesses. Let’s review the rules quickly:
- Email marketing: You can’t send marketing or sales information to any individual unless they give consent. That means newsletter checkboxes on online forms should be unchecked by default. This is exactly why the British chain Wetherspoons already deleted their entire email database: they collected emails through their Wi-Fi sign-up form and sent those addresses a newsletter.
- The Right to be Forgotten: If someone asks to have their data removed from your system then you must do so. Psst: there is a loophole—legitimate interest.
- Data Portability: EU citizens have a right to all their personal data under GDPR; companies have to give it up for free in an easy-to-understand format.
- Breaches: Companies will need to report data breaches within 72 hours.
It can be extra confusing because the effects of GDPR depend on the individual shape of each company. That could mean trouble for non-traditional companies. You know what it’s like: in the online arena, growing your business means contorting data in new ways to give yourself a competitive edge. So, GDPR will affect these front-runners in ways that are not necessarily predictable. Here’s the one thing you need to remember: whether or not you’re in the EU (we’re looking at you, Britain and Switzerland!), if you collect any information (names, emails, credit card numbers, photos, even social media posts) about EU citizens, then the GDPR is your problem. And you probably don’t want to get hit with a fine of up to €20 million.
Terms and Conditions Apply
From the consumer’s point of view, GDPR might just be another annoying little pop-up box to tick, like the famous “accept cookies.” But for companies, it could mean changing their structure completely. Or not: a prediction from Forrester says that 80 percent of companies won’t be up to code by May 25th, either intentionally or inadvertently. A big portion of that 80 percent will likely be corporations that use Google’s ad services. Companies could also face new threats, like “right to be forgotten” sticklers who will suck up company resources, which could mean damaged brands. On the flip side, in the blockchain-enabled trust-based economy of the future, a move towards a customer-centric experience is quite welcome. It gives consumers of internet resources more control over their digital selves and may prevent the next Facebook-esque data selling scandal.