By the name, you may think only EU-based businesses are impacted by GDPR. This is not the case. Any business that handles EU citizens’ data needs to comply, regardless of where the business is based.
We talk a lot about digital marketing and sales in our blogs, so you may be wondering why we are writing about this. When new rules or regulations are introduced that can impact your company and how you communicate with your prospects and clients, we want to make sure you’re aware of what’s going on.
What is GDPR?
If you have already made the move to be GDPR compliant, you’re set. This blog isn’t for you. Feel free to check out some of our other website-related content.
For those who haven’t made the leap or are just curious about what’s going on, keep on reading.
There are two parties involved here, the data controller and data processor. Some companies fall into both categories depending on how they function.
A controller is the business hosting the data. It’s the controller’s responsibility to be GDPR compliant. In other words, your company is the controller of your contacts’ data.
A processor takes and uses the data. If you use HubSpot or another type of CRM, that company is the processor of that data on behalf of your company.
Non-compliance results in fines and penalties depending on the nature of the case.
GDPR gives more power to the website visitor or contact. Companies must ask website visitors for their data in a clear way. Those visitors, who become contacts, can ask at any point to see, change or remove the information collected about them. Contacts can ask for an explanation of where, why and how their data is used. Contacts can request a copy of their data so it can be taken somewhere else. It also means that in the event of a security breach, contacts must be informed within 72 hours.
In response, companies are updating the privacy policies hosted on their websites to include GDPR-compliant language. Businesses with contacts in the EU must ask these contacts for permission to continue emailing them. If the contacts do not opt in, then they must be purged from the business' database.
Websites that may receive interaction from EU-based visitors are including opt-in language on any contact forms, notifying visitors how their data will be used, with check boxes for the contact to approve.
Processors like HubSpot are laying out step-by-step instructions for their users on how to be GDPR compliant. If your processor isn’t communicating with you about GDPR functionality, be sure to ask them about it! It can take some time to be fully GDPR compliant. It’s estimated to take some companies 18 to 24 months to get there. That’s why it’s vital you start right away.
Experts suggest starting by learning which regulations will impact your business based on where you are in the world. Next, outline exactly what information your business keeps track of and where it’s hosted. After that, communicate with your processors to learn how data is processed, delivered and used.
Time will tell if the United States will follow the EU’s lead and create even tighter regulations on online data usage and storage. It’ll be interesting to see how the effects of GDPR ripple across the planet and what that means for websites.
What are your thoughts on GDPR? We’d love to hear them.