The internet has become integrated into the business world and is now a vital medium of communication. Document sharing, sending emails, and the way we purchase goods and make payments have all changed, and these processes have become much faster thanks to the internet. The GDPR, or General Data Protection Regulation, governs the data protection and privacy norms for all individuals within the European Economic Area (EEA) and the European Union (EU). The regulation also covers the sharing of personal data with outside sources. Personal data, from IP addresses and social media posts to browser history, contacts and banking information, is all stored over the internet, where companies can collect it for the benefit of you, the consumer. But do all companies collect data to improve customer experience? The GDPR was brought in by the EU in May 2018 to change how businesses collect, store and use customer data.
Breaking down “GDPR”
GDPR (the General Data Protection Regulation) came into effect on 25th May 2018 as the new European privacy regulation. GDPR has already been implemented in the EU and EEA jurisdictions, and it applies to all companies collecting and selling personal information about European citizens. The regulation also applies to companies based on other continents. This gives the citizens of the EEA and EU the liberty to exercise more control over their personal data. The GDPR gives individuals the following rights:
- Access to personal data: Individuals have the authority to request access to their personal data and to learn how a company is using it. On the individual's request, the company is bound to provide, free of charge, a copy of how the personal data is being used.
- Removal of personal data: If an individual is no longer a customer, or withdraws their consent for a company to access their personal data, the company has to delete the information collected about that person. The individual has the right to ask the company to delete their personal data.
- Transfer of data: Individuals will be able to transfer data across service providers in a machine-readable format.
- Giving the right to collect data: A company wanting to collect information about an individual must inform them before doing so. The consumer must freely give the company consent to collect personal data.
- Correction of information: The individual will have the option to update their data or correct it in case of any mistakes.
- Restricting processing of data: Every consumer has the right to stop their data from being processed. It may also be that the company has collected the data but does not use it.
- Right to object: GDPR allows the individual to stop a company from using their data for direct marketing. The company has to stop processing on receiving the request. Both parties have to understand this policy before starting any communication.
- Right to know any changes: The consumer should be informed within 72 hours if there has been a data breach where personal data have been compromised.
The EU and EEA have brought in GDPR to give individuals, consumers, prospects, contractors and employees more control over how their data is being used and who is collecting information.
The Consequences of GDPR
Even though it is a little early to talk about the implications of GDPR, start-ups especially may experience some difficulties, considering the complexity and the additional costs they will have to bear. Once GDPR was implemented, the whole business world had to bring its privacy policies into line, as most of these companies and institutions communicate with EU or EEA citizens. There is also a penalty for failing to comply with the GDPR norms; it can be up to €20 million or nearly 4% of global turnover. At this moment, it is difficult for many companies to say whether they are meeting the standards set by GDPR, even if they ask for the consent of the individual. It may also be difficult for them to produce a record of these consents, as the mailing lists maintained till now were usually a cut above the database of contact information. The usual way of safeguarding privacy was to unsubscribe from the emails. However, this approach will no longer work so smoothly if one wants to avoid strict penalties. This has basically forced most organisations to recheck their privacy policies.
The GDPR will make some major changes to the way a company's sales teams work. Marketing campaigns will also have to undergo certain changes so that there is no risk of a penalty. The conditions for obtaining consent have become much stricter, and presumption and disclaimers have no place. After the GDPR, companies were bound to review their business processes, forms and applications, and email marketing policies. In many cases, interested parties will have to fill in applications before starting communication. They also need to confirm their actions through an email. Suppose salespeople had exchanged business cards: previously, they would add the contacts to their company's mailing list. After the GDPR, this is no longer possible.