The EU’s GDPR: 6 Things Online Business Owners and Marketers Can Do to Prepare

The European Union’s (EU) General Data Protection Regulation (GDPR) law is one of the most wide-ranging and comprehensive pieces of legislation regarding sensitive consumer data ever enacted -- and it's about to go into effect. Even if you’re not based in Europe, if you do business there or gather any personally identifiable information (PII) from EU citizens via your website, you will be subject to GDPR regulations. With GDPR’s start date quickly approaching, here are some actionable steps you can take to ensure that your business is compliant. Is that PII necessary for your business? Do you have documentation to show that your customers consented to the use of this information? Of course, marketers will want to know: What about my existing customer data? For example, a data audit by W8 Data estimated that 75 percent of existing customer data in the U.K. would be rendered obsolete by the GDPR. In order to legally send a marketing email to an EU citizen, you need documented proof that he or she consented to receive it. Being a member of the platform means you've given consent to connect with other users, leaving the door wide open for companies to reach fellow LinkedIn members with marketing initiatives.

Opinions expressed by Entrepreneur contributors are their own.

The European Union’s (EU) General Data Protection Regulation (GDPR) law is one of the most wide-ranging and comprehensive pieces of legislation regarding sensitive consumer data ever enacted — and it’s about to go into effect. When that happens, on May 25, it will change the way consumer data is protected, not just in Europe, but worldwide.

Under GDPR, information such as customer IP addresses and even web cookies will be subject to the same strict security standards as physical addresses and social security numbers.

Even if you’re not based in Europe, if you do business there or gather any personally identifiable information (PII) from EU citizens via your website, you will be subject to GDPR regulations.

The penalties for GDPR violations will be significant. Fines up to €20 million (approximately $25 million) or 4 percent of global yearly turnover will be levied against companies found to have inadequately safeguarded data under the terms of the legislation.

Those hefty fines and the complexity of the legislation itself have led to some confusion among business owners here in the United States as they try to understand the impact of the EU changes on their marketing strategy — particularly in matters sited outside of Europe. Many owners are unsure of how best to comply with GDPR at minimum expense. According to a survey by RealWire, only 16 percent of companies surveyed in the Americas said they believed they must comply with GDPR — a percentage far less than the number of companies actually subject to the legislation.

With GDPR’s start date quickly approaching, here are some actionable steps you can take to ensure that your business is compliant.

1. Appoint a data protection officer.

Designate one person in your organization as your data protection officer (DPO). This individual, at a minimum, should be familiar with the GDPR and what your business is doing to comply. The DPO will be responsible for dealing with regulatory agencies as well as with members of the public who make requests related to the use of their personally identifiable information (PII).

2. Perform a data audit.

One of the most crucial things your business can do to ensure compliance is to perform a thorough data audit. Start by asking these questions:

  • What PII does your company currently use and retain?

  • Is that PII necessary for your business? If not, delete it. The less PII you retain, the less chance of a breach.

  • Do you have documentation…
