Explaining GDPR: What It Means For Your Business

Have you been getting a lot of emails lately about new privacy settings and policies? This is all in response to the GDPR, or General Data Protection Regulation, which was passed back in 2016 and applies to all member states of the EU.

Don’t go just yet!

Just because these are EU regulations doesn’t mean they don’t apply to you or to U.S. companies in general. The new regulations are in place to support and protect the data privacy of all EU citizens. As Peter from Roundpeg explains, “Since the internet is a global technology and your website (yes, your website) is part of the world wide web, you may be getting visitors or even orders from EU residents right now…. The GDPR regulations only affect websites that intend to offer goods or services to EU residents or if that website processes the data specifically for the purpose of monitoring residents’ behavior.”

If you actively sell items or services to EU citizens and collect their information, you need to be compliant with these new rules. The complete GDPR can be found here.

Constant Contact explains that the purpose of the GDPR is to:

  • support privacy as a fundamental human right;
  • require companies that handle personal data to be accountable for managing that data appropriately; and
  • give individuals rights over how their personal data is processed or otherwise used.

What will these regulations look like?

Sarah Jeong of The Verge explains, “GDPR is an ambitious set of rules spanning from requirements to notify regulators about data breaches (within 72 hours, no less) to transparency for users about what data is being collected and why. “For many years it’s been, ‘How much data can we trick people into giving us?’ and ‘We’ll figure out how to use it later!’ That is not going to be an acceptable way to operate anymore under GDPR,” says Jason Straight, an attorney and chief privacy officer at United Lex, a company that sets up GDPR compliance programs for businesses.

EU residents have the right to request access to review personal information gathered by companies. Those users — called “data subjects” in GDPR parlance — can ask for their information to be deleted, to be corrected if it’s incorrect, and even get delivered to them in a portable form. But that data might be on five different servers and in god knows how many formats. (This is assuming the company even knows that the data exists in the first place.) A big part of becoming GDPR compliant is setting up internal infrastructures so that these requests can be responded to.”

A basic synopsis of the situation is that you, as a consumer, will have more control over who has your data and what they can use it for. You, as a business, will need to be transparent about what information you have and how you’re using it, and allow individuals to edit and access their own data. This will undoubtedly have an impact on companies that use customer data to target new leads or tailor content to certain people.

As a company that utilizes Constant Contact as our email marketing provider, we want you to know they are in complete compliance with the new regulations. An explanation of their standing can be read here.