GDPR compliance is being enforced. The GDPR has already garnered international attention, with similar legislation in the works in countries like China, Japan, India, Brazil, and New Zealand. Attention around the GDPR has been mounting in US. Beyond the United States and the other countries already mentioned, most experts predict that an even wider rollout of consumer data protections is inevitable.
Since GDPR took effect, Google was fined nearly $57 million for processing personal data for advertising purposes without obtaining the required consumer permissions. Google also failed to adequately inform consumers about how their data would be used, nor did it provide enough information about its data consent policies.
The GDPR requires companies doing business in EU member countries to get consumers' consent via an explicit opt-in process before collecting and sharing information about them; to provide a way for consumers to correct, update, and delete the data that companies hold about them; to fully disclose what information is being collected and how it will be used; and to properly notify all parties involved when there is a data breach.
Most companies are certainly pushing to improve their processes by updating older software solutions and processes where parts of their responsibilities are clear, and others are still in a murky world of gray and uncertainty. Many companies are still looking at their obligations under the legislation, trying to determine what is applicable to them and their portions of processing an individual's data.
In a recent survey from the International Association of Privacy Professionals, less than half of respondents said they were fully compliant with the GDPR, and nearly a fifth said they believed full compliance with the GDPR would be impossible.
One of the biggest shortfalls for businesses right now concerns the GDPR provisions requiring a full accounting of all the information organizations hold on consumers upon request within one month.
Companies should simply assume that all aspects of the GDPR apply to them.
Experts and insiders concede that the GDPR has been successful in one key area: Consumers now have more of an interest in what happens with their personal information. GDPR has made it simple for consumers to understand the important details about their data, such as how it is being used, where it is being stored, etc. Because of the GDPR, consumers are asking more questions and reading companies' privacy policies more closely. And that will ultimately lead to greater accountability.
The GDPR has also changed the entire dialogue between companies and customers.
Whether it was a stated goal of the GDPR or an unforeseen consequence, companies are beginning to self-regulate, knowing that regardless of the form, there is increased need to give consumers greater transparency and control over their data.
Because of the penalties and other negative ramifications of ignoring GDPR, companies have to take GDPR seriously with internal programs to organize their data better. Companies need to provide transparency about the data they capture, as well as a mechanism for consumers to choose which information can be captured and how it can be used.
For companies that have come into compliance, the GDPR has resulted in finely tuned databases and distribution lists, and streamlining email communication has made outreach more impactful with higher-than-before engagement rates.
If GDPR compliance is done right, companies will have the ability to create a master record of customer data on one platform.
That master record could contain all of the customer's allowed permissions, revoked permissions, or any changed notification settings, as well as a unified customer profile that combines details about their behaviors, interests, preferences, purchases, and other information from any engagement system or data source.
GDPR continues to require an investment of time and resources, but it is a worthwhile investment.
When all aspects of the GDPR are carried out fully, companies are able to deepen relationships and profitably grow revenue, consumers are able to gain transparency and control over their data, and regulators are able to safeguard commerce and consumer rights.
Galaxy Consulting has over 15 years in helping companies to achieve compliance in different areas, and since GDPR was released, we are helping companies to achieve compliance with GDPR. Please contact us for a free consultation.