Roughly nine out of every ten B2B businesses use inbound marketing to connect with potential customers. If you’re one of these companies, then a new set of privacy guidelines — the General Data Protection Regulation (GDPR) — will change the way you collect, store, and use the personal information you obtain.
Unfortunately, only 22 percent of U.S. companies have a GDPR compliance plan in place. With the regulations set to go into effect in just a few months, it’s imperative for you to understand the guidelines and take steps to ensure compliance. If you don’t, it could cost you.
Here’s what you need to know:
What Is GDPR?
GDPR is a new framework for data protection agreed to by the European Union. It replaces an older set of guidelines called the 1995 data protection directive. It regulates how companies need to protect the data of citizens living in the EU.
The overarching goal of the GDPR is to create a more consistent and enforceable set of consumer protections to safeguard personal data. The GDPR contains 99 individual Articles. Here are some of the most important details:
- Consent: People must explicitly give their permission for companies to collect their personal information for data processing. Companies must also keep records of how and when individuals provide their consent.
- Control: Individuals who do give their consent must be able to manage the data that is collected. This includes the ability to transfer their personal data between their choice of service providers, and erasing their personal data entirely.
- Purpose: Data can only be collected for a specific, explicit and lawful purpose. Once that purpose has been achieved and the data is no longer necessary, it needs to be deleted.
- Access: People can ask for access to the information that you collect, and companies must acquiesce within a reasonable timeframe (about one month). People can also ask for any errors or omissions to be corrected, and companies must provide a process for making these corrections.
- Accountability: Companies are required to implement reasonable measures to protect personal data and guard against loss or exposure.
- Responsiveness: In the event of a data breach, companies must notify those who are affected within 72 hours.
When Does GDPR Go Into Effect?
GDPR was officially published in May 2016, and it will be enforced starting May 25, 2018.
Wait, I’m In The U.S. Does GDPR Even Apply To Me?
While GDPR was enacted by the European Union, an agreement between the U.S. and the EU gives GDPR extraterritoriality. This means that U.S. companies that plan to collect, or already possess, personal information about EU citizens must comply.
Even if you don’t intentionally market to people in the EU, you could still be at risk of fines and penalties for noncompliance.
In addition, privacy experts and government officials in the United States are touting the merits of the GDPR, and it would not be a surprise if similar regulations are adopted in the near future.
What’s The Risk Of Noncompliance?
Unlike other privacy regulations, GDPR carries with it a heavy financial penalty for noncompliance. Companies that don’t follow the basic principles of the guidelines can be fined up to 4 percent of their global annual revenue.
So What Should I Do?
GDPR represents a big technological challenge for a lot of businesses — one that should not be ignored. Thus, the first step in preparing for compliance is to recognize the need to change.
From there, you should review the regulations. The Information Commissioner's Office in the U.K. has assembled a 12-step checklist to prepare for the GDPR. Take the time to download and review it.
If you utilize a marketing automation tool, then that should take a lot of the burden off your shoulders. Companies such as HubSpot are taking measures that will make it easier for companies to comply with GDPR. However, the liability still lies with the business — not the technology used to collect the information — so you should remain vigilant and take an active role in ensuring your compliance.
As data breaches continue to make headlines and people become ever more vigilant about safeguarding their privacy, measures like the GDPR will provide an added layer of protection and accountability. However, while the regulation is well-intentioned, it is creating an added burden for companies.
In addition, given the increasingly global nature of the supply chain, it’s likely that manufacturers in the United States will do business with people living or working within the EU. Thus, the stakes for compliance — already high — are only going to ratchet up.
If you need more information about inbound marketing and ensuring compliance in your organization, speak to our team today.