Why should I care?
Data privacy is essential for entrepreneurs and business owners in this country as well. While a ‘wait and see’ approach may be the best option for companies with no European customers, this is a topic that is not going away. Depending on how aggressive regulators are in the coming year, it could lead to the development of best practices for US-based companies as well. There are steps you can take today to incorporate customer data privacy into all areas of your company.
What is GDPR?
GDPR stands for the General Data Protection Regulation, and it is the implementation of a law passed in 2016 that standardizes data protection across all 28 EU countries. The GDPR applies to all data directly or indirectly related to an identifiable person in the EU that is processed by an individual, company or organization. In practice, this means that any company using the data of EU subjects, even if this company is stationed outside the EU, will need to comply with new ways of storing data related to:
- Identifying information like name, address, ID number
- Web location, IP address, cookies
- Health, genetic and biometric data
- Racial or ethnic data and sexual orientation
Additionally, conditions for data retention have been shored up. Email list subscriptions, for example, have become more strict, so that consent from the subject must be clear and distinguishable. The subject also has a right to request access to their data and to understand how it is being used. However, this doesn’t mean that companies have to get consent for everything; they only need to justify how they collect and use personal information. Punishment includes some very hefty fines: 20 million Euros or 4% of the company’s total global revenue, whichever is larger.
My business is in the US, how does this relate to me?
Some US companies with European offices are closing up shop because of the cost and effort it will take to comply with GDPR. However, for smaller businesses, it is important to note that you may have a bit more time to get a policy in place, as non-compliance proceedings will be targeted at larger companies first. While we don’t know what the future holds, there is always the possibility that stricter data privacy rules could come to the US.
Here’s what you can be doing about GDPR
- If you are just starting out, incorporate data privacy policies in your business plan: If US regulators do begin considering stricter data privacy policies, it will behoove you to be familiar with how to handle personal data.
- Look into the policies of 3rd party companies that you use. Maybe your company has a CRM or email marketing. Companies that deal with a lot of personal data, like the recruitment tool JazzHR, already have a plan in place.
- Make your company compliant: This can be a massive undertaking, incorporating many stakeholders. However, you can look to larger companies for guidance. Hubspot has a useful product roadmap so you can see examples of how data compliance works with a sample product. It is a good inspiration for areas where other businesses could be more compliant themselves.
- Shout about how you protect your customers’ data: This isn’t a law in the US but is certainly still on US consumers’ minds with the Facebook Congressional hearings and the emails they are receiving from larger companies. GDPR represents a great opportunity to get ahead of the game and implement a transparent data policy for your own customers. Then, tell them about it! Protecting their personal information can be just as important as great customer service.
For other tips and tricks about starting and running your business, check out our blog.
CUE Marketplace connects entrepreneurs and businesses with the best software technology to succeed. Visit us for everything you need to start and grow a business.