Does your digital marketing agency have clients in Europe? If so, you need to familiarise yourself with a new EU law, due to come into force on 25 May 2018, which will impact how you handle client information. The General Data Protection Regulation was drafted by the European Union and will affect not only companies based in Europe but also those around the world with European clients. Digital Marketing is a flexible industry which can conduct its business anywhere in the world. So, if you have clients in Europe, here’s what you need to know about the General Data Protection Regulation and your responsibilities.
What Is The General Data Protection Regulation?
In a world where privacy and data security are endlessly front and centre of our news cycles, governing bodies are starting to hold companies accountable for the security of their clients’ sensitive information. And about time too. While most companies will have a basic system in place to ensure their clients’ privacy, the General Data Protection Regulation (hereafter GDPR) is making this a legal requirement for companies within the EU. The GDPR will:
- Increase transparency
- Hold businesses accountable for data leaks
- Impose stricter sanctions
- Empower individuals
Most importantly, the GDPR applies to all businesses, irrespective of size, which hold ‘Personally Identifiable Information’ (PII) on EU citizens.
What Data Is Protected?
The GDPR protects ‘personal data’ and PII. The law states that this includes:
- Passport number
- Date of birth
- IP addresses
- Mobile phone identifiers
- Any information that could allow a company to identify, locate, contact or single out an individual
This last point is important for those of us who offer advertisement services online. When it comes to Facebook Ads, our ability to target an audience so specifically is only possible because Facebook shares data about its users. Our business success requires the sharing of market information and the recent scandals could jeopardise that. Therefore, we need to work to reassure the public that companies who are accessing this data are doing it for the public’s own benefit. After all, wouldn’t you rather see adverts for products or services applicable to you and your interests on your Facebook Newsfeed rather than generic, irrelevant ads? We need to demonstrate the positive use of data sharing and defend against the negative.
Why Should You Care?
Businesses found not complying with the GDPR could be hit with fines of up to €20 million (that’s AU$32 million) or four percent of their global turnover (whichever is higher). If that isn’t enough to convince you, the damage to your brand name and reputation after data hacks is colossal and often fatal for businesses. Digital Marketing agencies will hold a number of the above pieces of information about their clients. Therefore, if any of your clients are based in a country which is a member of the EU, you are legally required to protect this data (as you should already be doing). A survey by Ernst & Young found that businesses operating in countries outside of the EU, specifically the United States and Australia, were not well prepared for the GDPR.
How Can I Prepare?
Here are five basic tips which can help you comply with the GDPR:
- Review where your data is and how it is protected (upgrade if necessary)
- Implement privacy protection policies
- Make your data collection processes ‘opt in’ rather than ‘opt out’
Digital Freak has clients in the UK and Asia. As an international business, we know how important it is to comply with legislation in all countries in which we trade. Taking steps to protect our clients was always part of our business structure but in light of these new laws we will be reviewing all our processes to ensure our clients’ privacy is secure.
Even if all of your clients are based in Australia or not in the EU, it may be time to review your data protection practices. Not because the law requires you to do so but because it is the right thing to do. Your customers have entrusted sensitive data to you and it is your responsibility to ensure this information is kept secure and safe, so that third parties cannot exploit this data.
Australia is following in the steps of the EU and ‘Consumer Data Right’ legislation is currently being drawn up by our federal government. While companies in Australia may not yet be legally accountable for how they protect customer data, this will change over the coming years. Let’s encourage the industry of digital marketing to lead the way by keeping our customer data safe and helping our clients to do the same for their consumers.