Use new GDPR to build customer trust

B2B | Digital | SFBJ

Reprinted from South Florida Business Journal.

When I read about the heavy fines for noncompliance that the European Union’s newly revised General Data Privacy Regulation (GDPR) could levy on any company anywhere in the world, I was at first distressed. Then, I thought: “Perfect. Fear of noncompliance is the exact reaction intended.” That thought was followed by: “The European Union may have just done the world a big favor.” And then: “Not only individuals, but businesses, can benefit from the protection of data privacy.”

For all of those who worried about how we were going to regulate Facebook to protect our privacy, the EU, with GDPR, may just have helped to solve the problem for us. This law, which went into effect May 25, basically says anyone using an email address or mining and using the demographic of any European citizen anywhere in the world had better have permission from the individual to do that – or they could be subject to huge fines as much as 2 to 4 percent of a company’s revenue.

Separating out European citizens among the users of the global internet is not a practical opportunity, which may be why the regulation stipulates whatever the location. Europeans travel and live throughout the globe. There is little, if any, data on how many Europeans have dual citizenship and live in the U.S. So the GDPR sent Facebook and many big internet, social media and commerce platforms scrambling to change their user agreements, comply and tell their corporate advertisers it was also their responsibility to comply. Basically, the result can be good for all internet users, not just European citizens.

What do companies need to do to comply for GDPR?

Complying is not a snap of the finger. Every business has customer data that is not only used within the company, but by vendors, contractors and other third parties. Understanding data pathways is critical to compliance. Agreements with all data handlers is also important. The regulation may impact flow and efficiency of company operations, and larger companies may need to create a position called “data protection officer.”

If you store lists of customers, you will need them to re-opt-in more frequently, and you will need to have agreements with them on how you will use the data. Of course, most responsible organizations do this now. But data collection forms will need to be even more clear on what the data will and will not be used for in the future.

You may have noticed almost every large website asking you to re-agree to their terms of use. You may have noticed companies seeking double opt-in requests on their email lists. GDPR is most likely a main reason for this. You also may have approved a legal bill for your company regarding the evaluation of your own company’s terms of use agreement as it relates to the GDPR. While complying with this regulation is not easy and may add costs, the hoped-for result will be to not only protect your customers and prospects, but build trust in data privacy and Internet use.

What are ‘added precautions’ for marketers?

Data providers will need to be GDPR compliant and will require even more specific terms of use agreements for the data they sell. Lead generation forms will need permission check boxes for customers to agree to data use. Appending records of last opt-in dates will be significant, as will “single-click” opt-out capability.

There is lots of GDPR compliance information available – free guides and major social platforms’ explanations to users and advertisers. We all continue to use the internet more and more. The GDPR will help us use it with more data privacy and trust. A company’s early, careful compliance will build trust from customers and prospects – definitely a competitive advantage.