Many U.S. businesses may be surprised to learn that the European Union’s new data privacy rules could impact them, too.
The EU’s General Data Protection Regulation (GDPR) will take effect May 25 and imposes strict new rules about internet privacy and the collection of data on EU customers. Businesses must follow these new rules or risk paying substantial penalties.
Most EU-based businesses and multinational companies have been aware of the coming change for some time and are likely ready for compliance when the time comes.
U.S. Businesses, Too
Any U.S. company that has a web presence — and who doesn’t these days? — and markets its products over the internet should review its policies on data collection and consumer privacy. This makes sense not only because of the upcoming GDPR rules, but because of all the attention the Cambridge Analytica scandal at Facebook and other data breaches have received recently.
As for the GDPR, talk with your lawyer to see how your business might be affected. If you have a website, then by default it is accessible to the whole planet.
However, there are certain conditions that apply regarding how you might be marketing to EU residents and what information you might be collecting from them or about them.
Of interest is Article 3 of the GDPR says if you collect and process personal data from or monitor the online behavior of someone in an EU country, then your business needs to comply with the requirements of the GDPR.
ARTICLE CONTINUES BELOW ADVERTISEMENT
Pay careful attention to the phrases “monitor behavior” and “process personal data.” That means a financial transaction doesn’t have to take place for this extended scope of the law to kick in.
A simple marketing survey in an email collects “personal data.” It gets a little more complicated from there. That’s why you need to consult your attorney.
Storage and Protection
Once the data is collected, the GDPR also has rules governing its storage and protection. A new 72-hour notification rule will be imposed on certain types of data breaches, particularly those involving sensitive data such as medical or financial information or identifiers for children.
It’s hard to know at this point how the EU will enforce actions against U.S. companies doing business over the internet, but these new regulations are part of a growing concern — we’ve seen it here in the states — over what consumer information is collected and how it is handled.
Are you GDPR Ready?
Be sure to also address your data collection and usage practices, too. HubSpot has a good GDPR checklist that may help, at https://www.hubspot.com/data-privacy/gdpr-checklist.
Ad Networks are Preparing
Google, advertising networks and publishers are working on ways to serve non-personalized ads to European consumers before the GDPR rules go into effect. While Google already requires publishers and advertisers using its ad services to get consent, the new GDPR laws will take it further.
Google said it will capture consent for properties such as search, YouTube and Gmail. But the company wants publishers in its network to step in when Google’s ad-targeting technologies such as DoubleClick Ad Exchange, AdMob, AdSense and DoubleClick for Publishers operate on behalf of a third party.
ARTICLE CONTINUES BELOW ADVERTISEMENT
Thank you for signing up for our e-newsletter!
You should start receiving the e-newsletters within a couple days.
Google Analytics Letter
Google recently sent a letter to its Google Analytics users telling them that as a result of preparing for the GDPR, they now will be able to control how long user data is kept on Google’ servers. In addition, before May 25, it will be able to manage the deletion of all data associated with an individual user — for example, a site visitor — from Google Analytics and/or Analytics 360 properties.
Data security measures also were discussed. If you use Google Analytics, watch for more news in the coming weeks.
The Next Horizon
The GDPR will continue to have a sweeping influence worldwide — not only in Europe with retailers, search engines and publishers, but also in California.
This November, the California Consumer Privacy Act of 2018 will appear on the ballot and could give consumers there the right to ask businesses what personal data is being collected about them and how it’s being used. That movement might grow to affect us all in the coming years.
As digital marketing gets smarter, it will be interesting to see how privacy concerns will play a part in that technological advance.
l Tracy Pratt is a product manager and marketing strategist at Fusionfarm, a division of Folience; (319) 398-8343; firstname.lastname@example.org.