Finally, GDPR is Here!
The General Data Protection Regulation (GDPR) is now in full effect in the European Union and is set to hold every organization accountable for protecting the privacy of people in the EU.
The European Commission had been working out plans to make Europe fit for the digital age through data protection reform since January 2012. It took four years from there to reach a consensus on what the reform would cover and how it would be enforced. One key element of the reform is the General Data Protection Regulation, which applies to all organizations established in the EU member states and also to bodies elsewhere that process personal data relating to people in the EU. The aim is to give EU residents better control of their personal data, and easy access to it.
What Is It All About?
“The digital future of Europe can only be built on trust. With solid common standards for data protection, people can be sure they are in control of their personal information” – Andrus Ansip, vice-president for the Digital Single Market.
Personal data, according to the European Commission, is any information relating to an identified or identifiable individual, whether it concerns his or her private, professional, or public life. It can include a name, a residential address, a computer's IP address, an e-mail address, a photograph, bank account details, a social media post, medical information, religious beliefs, and so on.
In a nutshell, GDPR governs what personal data an organization may collect from a resident of the European Union and how it must handle, protect, and profit from that data. A company that loses personal data, whether through a cyber-attack, human error, or any other cause, must report the breach to its supervisory authority within 72 hours of becoming aware of it, and must also inform the affected individuals without undue delay where the breach is likely to put them at high risk. Failing to comply can attract fines of up to 20 million Euros or 4% of the business's annual global turnover, whichever is higher; definitely not a Lilliputian figure you can just pay and move on!
You need to take GDPR seriously.
“But I Am A B2B Lead Generation Agency Owner In India, How Does GDPR Even Relate To Me?”
Pay close attention to this: if you, your company, or even a not-for-profit organization processes personal data relating to customers, prospects, or employees who are in the European Union (whatever their nationality), GDPR comes into play, even if the data is processed outside the continent.
This not only means that companies in the EU must store and use personal data carefully; organizations anywhere in the world that have a business presence in Europe, offer goods or services to people in the EU, or monitor the behaviour of people in the EU come under the radar too. A company established outside the European Union that falls within the regulation's scope must designate a representative established in the EU as the point of contact for supervisory authorities and data subjects. That representative is distinct from a Data Protection Officer (DPO), which is mandatory only where an organization's core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of sensitive (special category) data; the 250-employee threshold that the regulation mentions concerns an exemption from record-keeping duties, not the DPO requirement.
In short, Europe's data protection law reaches across the globe. Ask yourself these questions and you will know whether your company needs to be GDPR-compliant:
- Do you have an establishment or geographical presence in any European nation?
- Do you target the European market by offering your products or services to people in the EU?
- Do you process the data of individuals who are in the EU, whatever their nationality?
- Do you monitor the online behaviour of individuals who are currently in the EU or may be in the future?
- Are you currently working with, or planning to work with, an organization that has a presence in Europe or handles the data of people in the EU in any way?
B2B lead generation involves communication and interaction with numerous retailers, manufacturers, suppliers, businesses, professionals, and prospects all across the world, so a significant amount of data collection is inevitable. Your inbound and outbound marketing efforts employ various techniques to collect at least the contact information of businesses and prospective customers. Needless to say, many of them may have European connections, and you have no way of determining that beforehand. And if you have a customer from India who is residing in a European country for a while, GDPR applies there too!
There is specific guidance on the collection, storage, and use of data for B2B marketing. For instance, relying on legitimate interests as the lawful basis means passing a three-part test: the processing must pursue a legitimate interest of your company or a specified third party, it must be necessary to achieve that interest, and that interest must not be overridden by the interests or fundamental rights and freedoms of the data subject.
Also, where a business records calls as standard practice, a disclaimer alone is not enough to assume consent; the caller must be given a genuine choice to allow or refuse the recording. Guidance on the regulation continues to evolve, and the rules will be amended as required to protect the rights and interests of EU residents.
Businesses can still use marketing data and collect personal information of individuals for B2B engagements, provided the data is tied to a specific campaign or objective and the processing in no way harms the interests, fundamental rights, and freedoms of the individuals. To that end, companies are expected to keep their marketing database and CRM up to date at all times so that they can carry out and document legitimate interests assessments (balancing tests).
Making a Website GDPR Compliant
Your online behaviour can be used to identify you and infer personal information, and GDPR regulates that. Every website must now state clearly what information it collects from users and why. Users must be able to accept or decline each non-essential category of cookie (analytics cookies, marketing cookies, preference cookies) individually, and none of those categories may be pre-ticked, since a pre-checked box is not valid consent. Only the strictly necessary cookies needed to operate the site may be set without asking, so users must be able to browse the website without accepting anything beyond those.
The banner in the image above gives no information about what data is being collected or why, so it is not GDPR-compliant. The one in the image below, on the other hand, states explicitly how the collected information may be used and asks for the user's consent for each purpose separately:
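To show what the consent rules above mean in code, here is an added example (not code from the original post or from any of the banners pictured) of the logic behind a compliant cookie banner: strictly necessary cookies are always permitted, every other category starts switched off, a stored consent record is parsed defensively so a tampered or malformed value can never grant more than the user chose, and third-party loaders (analytics, advertising) only run once the matching category has been consented to. The category names, the JSON storage format, and the loader objects are assumptions for illustration.

```javascript
// Added example, not part of the original post. Category names and the
// JSON consent record format are assumptions chosen for this illustration.
const CATEGORIES = ["necessary", "analytics", "marketing", "preferences"];

// Default state: only strictly necessary cookies are permitted. Nothing else
// is pre-ticked, because a pre-checked box is not valid consent under GDPR.
function defaultConsent() {
  return { necessary: true, analytics: false, marketing: false, preferences: false };
}

// Parse a stored consent record (e.g. the value of a first-party cookie or a
// localStorage entry). Malformed input, unknown keys and non-boolean values
// fall back to the defaults, and "necessary" can never be switched off.
function parseConsent(raw) {
  const consent = defaultConsent();
  if (typeof raw !== "string") return consent;
  let parsed;
  try {
    parsed = JSON.parse(raw);
  } catch (e) {
    return consent;
  }
  if (!parsed || typeof parsed !== "object") return consent;
  for (const cat of CATEGORIES) {
    if (cat === "necessary") continue; // always on, never user-configurable
    consent[cat] = parsed[cat] === true; // only an explicit true counts as consent
  }
  return consent;
}

// Decide whether a cookie (or a script that sets one) may be used.
// An unknown category is denied rather than silently allowed.
function isAllowed(consent, category) {
  if (!CATEGORIES.includes(category)) return false;
  return consent[category] === true;
}

// Gate loaders (e.g. functions that inject an analytics or ad script tag)
// behind consent. Returns the categories whose loaders actually ran.
function loadPermitted(consent, loaders) {
  const loaded = [];
  for (const { category, load } of loaders) {
    if (isAllowed(consent, category)) {
      load();
      loaded.push(category);
    }
  }
  return loaded;
}

// Serialize the user's explicit choices for storage. "necessary" is forced to
// true and anything other than an explicit true is stored as a refusal.
function recordConsent(choices) {
  const consent = defaultConsent();
  for (const cat of CATEGORIES) {
    if (cat !== "necessary") consent[cat] = choices[cat] === true;
  }
  return JSON.stringify(consent);
}

// Demonstration with constructed inputs (no real browser storage involved):
// a first-time visitor gets defaults; a stored record that tries to switch
// "necessary" off and pass a non-boolean for "marketing" is sanitized.
const firstVisit = parseConsent(undefined);
const stored = parseConsent('{"analytics":true,"necessary":false,"marketing":"yes"}');
const ran = [];
const loaders = [
  { category: "necessary", load: () => ran.push("session-cookie") },
  { category: "analytics", load: () => ran.push("analytics-script") },
  { category: "marketing", load: () => ran.push("ad-pixel") },
];
console.log("first visit:", firstVisit);
console.log("stored record:", stored);
console.log("loaded after consent:", loadPermitted(stored, loaders), ran);
console.log("saved record:", recordConsent({ necessary: false, marketing: true }));
```

In a real page the loaders would insert the analytics or advertising `<script>` tags, and the stored record would be read back from a first-party cookie or localStorage; the important point is that nothing in a non-essential category runs until `isAllowed` says so, and the parser never trusts the stored value to grant more than an explicit true per category.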
Lack of Awareness May Prove Fatal
The concern at the moment is that few SMEs across the globe are aware of the GDPR requirements, and they may well be made to pay heavy fines for deviating from the regulation, however unknowingly. The need of the hour is to understand GDPR. It may seem daunting at first, but careful study and expert guidance can get you GDPR-ready, and plenty of organizations are ready to assist with your compliance needs.
Digital marketing companies are expected to be among the businesses most affected by the introduction of GDPR, and B2B lead generation agencies in particular need to pay special attention to their compliance efforts. Companies must be able to demonstrate that they comply with all the principles relating to the processing of personal data by having technical and organizational measures in place that show they have thought about and built data protection into their day-to-day processing activities. The data itself should be protected in a secure environment. Good governance and data protection impact assessments (DPIAs) are the keys to staying clear of the enforcement action and lawsuits that non-compliance invites.