17 Jan
Avoid Losing 4% of Annual Revenue by Maintaining GDPR Compliance
Consumers care about data privacy now more than ever, and one of the most important data protection laws is the General Data Protection Regulation, or GDPR.
GDPR allows EU users to understand and manage how businesses use their data. It protects any user in the EU, as well as anyone interacting with an EU-based brand. Brands must comply with GDPR when marketing or selling to these consumers, regardless of whether their business is based entirely outside the EU.
Given the complexity of the law and the costly penalties for non-compliance, we recommend that your brand take specific actions to remain compliant with GDPR. Fines for failure to comply can be up to 20 million euros or 4% of your business’s annual revenue, whichever is greater.
The best way for your brand to maintain compliance with GDPR is to understand the defining features of the regulation. While GDPR builds on digital privacy laws already in place in the EU, there are several distinct features that every marketer should understand. Here are the most important ones:
– Brands have to disclose how they collect and use data in a way that users can easily understand. GDPR requires that brands explain the types of data they collect in clear, understandable language that can’t be confused with any other part of their Terms Of Service. Users have to explicitly agree that the brand can use the information that is collected about them.
– Brands have a shorter window of time to respond to user data requests. GDPR shortens the period in which brands must respond to information requests compared with earlier rules.
– Both data controllers and processors are responsible for ensuring user privacy. Anyone who handles user data within an organization must comply. This includes the parties that initially collect user data (controllers) as well as those that process it on their behalf (processors).
– Users can request to have all of their data permanently removed from the brand’s database. It’s important to note that the brand is also held responsible for any of that same data it may have shared with other entities.
– Users have a right to obtain and use their own data, a concept called data portability: users can receive a record of all the data a brand has gathered from them, and the record must be in a form that is easy for users to understand. GDPR refers to this form as a “common format.”
Google Compliance
Google initially responded to higher levels of consumer control guaranteed by GDPR with a series of updates to the tools in the Google Marketing Platform. We recommend brands use some of the initial guidelines set by Google to evaluate their own compliance on a regular basis:
| Google’s Actions | Brand Responsibility |
|---|---|
| Google’s Terms of Service and User Agreements comply with GDPR. | Review your brand’s Terms of Service with an attorney who understands GDPR and ensure that it uses the clear and understandable language required by GDPR. Request that each user review and agree to the Terms of Service. |
| Google notifies partners when products have updated Data Processing Terms (DPA). | Make sure you secure explicit opt-in from users landing on your site before dropping cookies. GDPR requires plain-language explanations of the data collected when a user lands on a website, of how the organization uses that data, and an explicit “opt-in” from the user. Make sure that users opt in and clearly understand how your organization collects data. Users must also be able to access a document detailing how your organization uses their data after they opt in, and must be able to easily opt out of tracking. |
| Google utilizes annual reviews to ensure compliance. | Audit your security processes and data governance protocols on a regular basis. |
| Under GDPR, organizations must report data breaches within 72 hours of discovery. Advertisers are held responsible for the misuse of any stolen data. | Rewrite your processes to ensure that any data you capture is stored securely and protected against unauthorized access. |
| Google ensures international data transfers maintain compliance through regular updates. | While your brand may not handle international data transfers on the same scale as Google, we still recommend that you seek independent legal advice on this topic. If you’re working with an agency, be sure to confirm that they maintain compliance during data transfers. |
Consumers will continue to advocate for more transparency regarding how organizations collect and use their personal information. Therefore, every brand needs to maintain compliance with GDPR and other data privacy regulations as they go into effect.
Be proactive, and protect your brand by continually evaluating your compliance with GDPR. Remember that data regulation compliance also sends a positive message to consumers. Your customers will appreciate greater transparency about their data, and a transparent brand is one that users will choose time and time again.