GDPR Takes Effect in May, Is Your Business Ready?

A major change is on the business horizon. The General Data Protection Regulation (GDPR) will be in effect on May 25, 2018, bringing with it major changes to data protection laws. The question now is whether your company is ready for it.

How it Affects US-Based Businesses

Europe’s GDPR is designed to consolidate and bolster data protection for people within the European Union (EU). It’s easy to assume that the new regulation will only affect EU-based businesses and multinational companies and not American companies that do not have any direct operations in the EU. However, that’s not the case. US companies with a web presenceand which markets their services and products on the internet would have to comply with the rules of the GDPR.

This is due to the geographic reach of GDPR. Article 3 of the new data protection law states that any company that collects behavioral data or personal information from any individual in an EU member country is mandated to follow the requirements of the GDPR. However, this doesn’t apply to EU citizens who are outside of the region when data was collected.

The kind of marketing US businesses conduct will also be under a microscope. Generic marketing is safe. For instance, it’s not a violation when a German user comes across a US company’s English-language website. But when said company specifically collects data by marketing in that country’s native language and there are references to EU users, then GDPR rules apply.

US companies would also have to adjust their interactions and online marketing forms in order to secure explicit consent from the consumer. According to the GDPR, user consent has to be “freely given, specific, informed, and unambiguous.”

How Companies Can Get Ready for GDPR

Despite the GDPR being ratified by the European Parliament in 2016, many companies are still unprepared for this new law. A Forrester report revealed that a mere 15 percent of B2B marketers are GDPR compliant while 18 percent are still at a loss on what to do.

Luckily, there are things you can do to get your company ready to comply with the GDPR.

  • Get Familiar With Your Data Sources: You’ll be able to comply more easily with the new data protection rules if you know what kind of information you have and where to access it.
  • Make a Plan for Managing Old Data: Come up with a way to handle data that’s no longer relevant or required. Archiving is not a good idea because it will remain vulnerable to data breach. It should be purged via a secure method instead. Processes should also be put in place to prevent accumulation of out-of-date information.
  • Categorize Information: Not all data are created equal. Categorizing information based on its relevance and value will minimize the threat of security breaches.
  • Hire a Data Protection Officer: A company with more than 250 personnel should hire a data protection officer. He or she will be the key resource person for all activities and concerns revolving around data protection.
  • Train Your people: Have your personnel undergo training so that they understand what the new regulations are, the procedures and policies and how it will affect them and the company.