It's time to take a hard look at your data practices, specifically how you collect, store and use it. That's because the General Data Protection Regulation (GDPR) tsunami is about to wash over Europe, bringing with it the strictest rules and regulations about how companies can use data, along with heavy fines for non-compliance.
While GDPR is an EU law, it protects EU citizens around the world, even when they travel. So while its reach is still ambiguous, there is evidence pointing to the idea that if an American company processes data on an EU citizen under any circumstances, it will be worth their time looking into GDPR alignment.
While U.S. companies that process only U.S. data do not have to comply with GDPR by law, those that don't are missing a big opportunity. Yes, their practices related to all things data will need a big overhaul, but the U.S. brands that voluntarily comply will stand out from their competition and earn trust with their customers.
GDPR is giving you the chance to say to current and potential customers that you care about their privacy, you are a responsible steward of their data, and you will not exploit or use it in Facebook-esque fashion.
Here's how you can start to prepare:
Do a data audit. Now.
Get a handle on what you have, where you store it, how long you've had it and what the process is for deleting it. Look at consent, how you've collected the data and what, if anything, customers have consented to. Ask yourself if you really need it, and how you'll justify having it with real business reasons if you get audited.
Put a pop-up for consent on your website
Under GDPR, customers must physically opt-in to give consent for you to contact them. Include boxes for every way you use data, and allow them to check any, all or none of them.
Consider appointing a Data Protection Officer
Given that GDPR isn't the law of the land in the U.S. (yet), it might seem a little extreme to dedicate a position to it. But having one person to understand GDPR in its entirety and ensure that you're in compliance with it will justify his or her salary by avoiding the heavy fines that straying into non-compliance, even inadvertently, will cause. It's also great PR. This is the opportunity to tell your customers how serious you are about their privacy.
Create a policy about handling data breaches
Under GDPR, if your data has been compromised, you have all of 72 hours to inform your customers. Creating a policy now will prevent headaches if that unfortunate turn of events comes to pass.
Customer data platforms, like DataSwitch, take the guesswork out of GDPR alignment. Our platform allows you to give your customers access to their data while providing you with a central way of managing, tracking and optimizing customer content collection on an operational level.
Questions? At Lineate, we're here to help. Visit our site and take the quick GDPR Readiness Quiz to find out where you are in the process.