The General Data Protection Regulation (GDPR) is a reminder to brands that protecting personal data is a serious business. The global rule, which went into effect on May 25, 2018, governs the way companies process the personal data of European users. Brands that don’t comply can face a hefty fine of up to 4% of global revenue.
For any e-commerce company or brand that sells goods and services internationally, GDPR has an impact on data collection. Ansira breaks down the basics.
In the aftermath of the Cambridge Analytica scandal, there’s plenty of hype and fervor around the personal data brands collect. However, even with GDPR, brands can still practice the same level of data retrieval they’ve had in the past. The only real difference now is that users have to consent to it — and have to be given greater transparency and the right to have that data removed.
GDPR boils down to these three things:
Consent: Brands are required to provide comprehensive up-front notifications about how personal data is being collected on their websites. Most brands demonstrate their GDPR compliance with pop-up windows that ask users for their consent.
Transparency: Brands have to explain personal data use in ways the average person can recognize and understand. Pages of legalese or confusing wording won’t cut it. The pop-up windows must also tell users where to go on the brand site to find their data and give them the option to delete it.
User rights: Companies must honor user rights to delete personal data. The brand has 30 days to respond and comply. If it doesn’t, this is where the hefty fines come in.
From a data-collection standpoint, users won’t notice any sudden change online, other than the pop-up windows asking for their consent. For users who want to delete their data, the process is like disputing information on a credit report. They simply follow the guidelines set forth on the brand website and then wait the requisite time for the issue to be resolved.
Brands must be sure their marketing or advertising agency understands the intricate nuances of GDPR as it pertains to user experience, website development, and other relevant online activities. Because most public websites are accessible to European users, GDPR is a reality that must be handled with full compliance.
Although many brands are still in the midst of evolving their policies, time is of the essence. It won’t take long for a company to be slapped with strict penalties for noncompliance, just to make an example. The burden of responsibility is real — and falls on any company that collects personal user data.