Think the GDPR only applies to European-based companies? Think again. This groundbreaking E.U. data security law is causing a cascade of changes to global business. you might be wondering – What is GDPR? Does GDPR apply to U.S. companies too? Should you be doing something to protect your business? We’ve listed a lot of great resources with answers for our software technology clients in this article.
The GDPR, or General Data Protection Regulation, takes effect in the EU on May 25, 2018. Some tech experts are calling it the greatest change in data regulation in 20 years because of its legal severity and potential for far-reaching effects. Just one misstep could cost your company a staggering 2% of global revenue in fines.
The law was basically enacted to protect privacy and ensure consent for data collection and distribution. It centers around the E.U.’s hot-button topic known as the “right to be forgotten,” or protection from the internet’s long-lasting archive of false and damaging information.
In a word, yes. The GDPR does impact U.S.-based businesses, so don’t make the mistake of assuming otherwise. Here’s why.
In the spirit of shielding people from reputational damage, the authors of the GDPR had to look at how online data is collected in the first place. What they found was a widespread pattern of companies around the world – not just in the E.U. – gathering personal information and behavioral data about their citizens, without consent.
For this reason, Article 3 of the GDPR states that if a company collects data from someone in an E.U. country, it is subject to the requirements of the GDPR regardless of the company’s location. To be crystal clear: If your U.S.-based tech business collects any bit of personal data from an E.U. citizen, the GDPR applies.
If you don’t do business with E.U. buyers, you might think you’re in the clear. But consult with your IT director, marketing director, and data management company before letting your guard down.
The GDPR clarifies that a financial transaction does not have to take place to fall under the rule. Victims don’t have to be your customers. Collection of personal data, known in the U.S. as PII or personally identifiable information, is the GDPR’s central focus.
So let’s say, for example, you did an internet survey asking people – customers, non-customers, random site visitors – for feedback about your website. If, while taking the survey, E.U. residents provided information about their gender, age, education level, country of origin, or a wide range of other basic demographic info, the GDPR applies.
OK, so maybe you never requested demographic info, but just asked about peoples’ likes and dislikes. Even if an E.U. citizen just checked a box that said, “I enjoy reading tech news,” it would be defined as information about personal interests and fall under the GDPR. The E.U. has a broad definition of behavioral data.
Some companies are realizing they’ve been collecting this kind of data about E.U. residents without giving it much thought. One common example is the info gathered for free trials and free content.
Does your tech company have a required field, like an email address, before people can read a free eBook, download a whitepaper, or try out a basic version of your service? If so, an E.U. resident may have given you personal information that’s expressly covered under the GDPR.
To keep your company covered, you’ll need to implement some new policies and procedures. It’s time to update across platforms, because GDPR requires consent to be “freely given, specific, informed, and unambiguous.”
After collection, you’ll have to keep data protected under GDPR guidelines and notify regulators within 72 hours of a potential breach. Failure to do so brings thousands – even millions – in fines. GDPR regulators will take 2% of your global revenue per incident.
Some pessimistic tech experts say the authors of the GDPR are likely interested in making a high-profile example of a U.S. business that fails to comply. Don’t let it be your company.
Here is a list of free GDPR resources to get you started.
By Barbara Pfeiffer, The Partner Marketing Group
One of the most popular presentations I do (and I’ve done A LOT over the years) is about bringing the voice of the customer (VoC) into your marketing. So it’s safe to say it is 1) important and 2) a lot harder than people think.
Whether I’m teaching
I recently had the good fortune to attend the GeekWire Cloud Tech Summit in Bellevue, Washington. Focused on Cloud Technology, this is the second year GeekWire has hosted the conference. Attended mainly by developers and techies, I found my way to the business track which was just as valuable. Topics discussed centered around Serverless Environments,
By Michelle Etherton, The Partner Marketing Group
Tired of seeing the same old marketing data from 5 years ago? So are we. That’s we’ve put together a list of 26 recent B2B marketing stats and trends you can use to build your own marketing strategy and team.
Our clients in the tech sector
By Cheryl Salazar, The Partner Marketing Group
I got my start in the channel working for a newly appointed Microsoft software distributor where I managed the Microsoft product line. In those days, working for a distributor meant moving heavy boxes filled with thick training manuals, managing floppy drives and SKUs, expediting shipping, executing
By Michelle Etherton, The Partner Marketing Group
Because our clients are software and technology companies, we know firsthand how challenging it is to tell a complex story in a way non-techie people understand. Oh, and by the way, you’ve also got to make it creative, engaging and relevant. How the heck do you