In the news lately, there has been a lot of discussion about the European Union’s decision to begin enforcing data protection laws for its residents. The General Data Protection Rules aim to restrict the kind of data businesses are allowed to store about users. These laws are a big deal because although they only strive to protect EU residents’ data, they apply to any business that holds that data, no matter where the business is based in the world.
What is the GDPR?
The GDPR is a set of new laws that aim to increase transparency around how businesses collect and store personal information of users on the web. The regulations apply internationally to all businesses dealing with the data of people living in the European Union. It’s mostly businesses that are engaging in digital marketing efforts that are impacted by these changes.
Businesses usually track and store data on their website visitors, often in the form of “cookies”, because they want to learn more about their market. User information allows businesses to build relevant and engaging strategies and campaigns that target their customers. However, there is growing concern about data being used in inappropriate or malicious ways. As a response, the EU has created the GDPR in an attempt to protect internet users’ privacy.
Who is Impacted by the GDPR?
The GDPR is intended to protect the privacy of EU residents. Because of this, any business that intends to generate visits or sales from these users will be affected - even if they’re based in New Zealand.
If your website currently stores and uses data from your visitors, and you receive web traffic from countries in the European Union, you will need to comply with the GDPR or risk a hefty fine.
What are the Consequences of Non-Compliance?
Failing to comply with the GDPR and continuing to track user data of residents from the EU can result in fines of up to €20 million, or 4% of the worldwide annual revenue of the previous year, whichever is higher. A number of businesses have found themselves being pulled up just days after the laws have come into effect. Compliance with the GDPR is guaranteed to be in huge focus in the coming months. To avoid the risk of legal ramifications, businesses should take the necessary steps to meet these new standards.
How to Comply with the GDPR
The first step towards making sure you’re not burned by the GDPR is to perform a data audit on your websites and marketing activities. Check to see whether you’re currently tracking information about your web traffic and whether any of your web traffic is based in Europe.
The next step, if you have found that you are tracking and storing data of EU residents, is to ensure you have obtained that information with consent. This means you have to be crystal clear to people about whether you are storing data and what you are doing with it. If you're unsure about whether you have the appropriate permission to access data, you should consider consulting a professional.
The GDPR doesn’t necessarily mean you can’t generate data on your audience - it just means you have to be honest about it.
Find Out More About the GDPR
If you're worried about the GDPR and you'd like to find out more information about compliance, the Marketing Association and the Office of the Privacy Commissioner provide informative resources for New Zealand businesses.
Alternatively, feel free to get in touch with The Web Company for advice on website data management.