On May 25, 2018, the General Data Privacy Regulation (GDPR) went into effect. This new European legislation is changing the way organizations worldwide process and store user, employee, and client data, and there are significant consequences for noncompliance.
GDPR was created to better ensure consumer privacy. Businesses that collect information from consumers in Europe are subject to stricter data protection policies. Organizations now need consumer consent not only to obtain their information but also to use it for any marketing or business purposes. The language of consent must be clear as well as easy to find, read, and understand. Company privacy policies must also be easy for consumers to find.
How are U.S. Companies Affected by GDPR?
U.S. companies that handle data on EU consumers are affected by GDPR. In his article “The Affects of GDPR on North American Companies,” Jonathan Dyble notes two critical points: “Firstly if the EU consumer (or subject) is not in the EU when you collect your data, the GDPR does not apply. Secondly, your prospects do not need to purchase from your site for the GDPR to apply to your business. Even if you happen to be collecting data as part of a marketing survey, those EU consumers are protected under the terms of the GDPR.” If a company sends out a marketing survey that does not directly target EU consumers, yet a consumer from England happens to fill out the survey, he or she is not protected by GDPR. However, if the company’s survey references EU consumers in any fashion, those consumers will be protected by GDPR.
Marianne Chrisos, in her article “What Companies are Affected by GDPR?”, lists a few questions U.S.-based businesses can ask to find out whether they are affected:
- Does the business market to customers in the EU? (Generic marketing – like a Google ad found by an EU customer – wouldn’t count, but targeted marketing, like a Facebook ad for European customers, would.)
- Does the company have a current customer base in the EU?
- Does the company have any employees that work in the EU?
Answering “yes” to any of these questions means your business will likely be affected by the GDPR regulations. Additionally, these regulations will likely apply to companies that accept payment in Euros.
Ultimately, the GDPR means significant changes in how personal data is handled, but it can benefit your business in the long term if you comply with the rules. Full transparency shouldn’t be thought of as a strike from the reaper’s scythe, but instead as a way to build trust, engagement, relationships, and subsequently, revenue with your consumers.
“The GDPR has extensive compliance regulations for many businesses in the United States. It’s important that businesses that are not yet affected begin thinking about data safety and security protocols now, as the GDPR may be indicative of more regulations to come regarding consumer data. The work to ensure compliance with GDPR is extensive, but a commitment to customer data safety and protection is a worthwhile pursuit in this digital age.”
DivvyCloud can help customers stay GDPR compliant by providing guardrails for compliance across Amazon Web Services, Microsoft Azure, Google Compute Platform, Alibaba Cloud, VMware, and OpenStack. Try DivvyCloud for free to see our features in action and how they can help your company become and stay GDPR compliant.