Chances are, you've probably heard about the General Data Protection Regulation, a policy that took effect May 25, 2018, and requires organizations across the world to change the way they obtain and store customer data from citizens of the European Union.
But, even if you're a U.S.-based local business that doesn't store information from anyone in the EU, it's a good idea to familiarize yourself with the policy because other regions may soon adopt similar requirements — which could have significant ramifications for your local digital marketing.
Here's what local businesses need to know:
What is GDPR?
GDPR sets guidelines for how businesses can collect, process, share and export the personal information of EU citizens, to protect consumer data. Here are just a few of the provisions:
Organizations must have explicit consent to collect and process an individual's information.
If a user wants access to their data profile, you must provide an electronic copy free of charge.
If an individual asks for their data to be erased, organizations must delete it.
If your company experiences a serious data breach, you must notify authorities within 72 hours.
According to the European Commission, failure to comply could result in a fine of up to €20 million or 4 percent of an organization's global turnover. For a small business, this sort of penalty could be devastating.
What Should Local Businesses Do?
To avoid fines and ensure compliance, there are a few things you should do:
1. Familiarize yourself with the requirements. Visit the official European Commission website to learn what the regulation governs, how it defines personal data and more.
2. Perform a customer data audit. Determine where all your data comes from and with whom it's shared. If even a single bit of data comes from an EU citizen, you will need to be compliant.
4. Create a data breach contingency plan. What methods do you have in place to detect a data breach and minimize damage? Regardless of whether you obtain data from the EU, cybercrime is at an all-time high, according to a ThreatMetrix report published on Business Insider, and it's critical your business has a plan.
5. Talk to an expert. It's better to be safe than sorry — especially when the future of your business may be on the line. If you're uncertain whether you need to comply with GDPR, or if you're meeting all requirements, seek counsel from a legal professional.
GDPR is the largest global data privacy law yet and could influence other regions of the world to adopt similar policies. While obtaining customer data is crucial to your business, protecting that data is vital to your future. Whether the policy affects you or not, complying with these regulations will help ensure you're doing everything you can to guard your customers' data and keep their trust.