The GDPR (General Data Protection Regulation) took effect in the European Union (EU) in May of 2018. For the moment, this regulation only applies to European companies directly. However, it does extend to any company, anywhere, who has European customers or collects EU customer information.
The goal of the GDPR is to restrict the information that companies collect. It also forces them to be more transparent with how that information is used. And it gives consumers more control over who has their information and what is being done with it, while making it easier for consumers to have that information deleted.
Ultimately, the GDPR puts the control of consumer information back into the hands of the consumer.
Why We Felt so Violated
You walk into your best friend’s house one afternoon. The door is open and the lights are on. Nothing unusual.
You both like to drop by each other’s homes on the weekend. This is someone you’ve known since high school. You followed each other through college, vacations, and weddings. And you have basically raised your kids together for the last several years.
You’re close, to put it mildly.
But today is different. Walking in, you notice the door to their basement is open and the lights are on. Assuming they are down there, you walk down the steps. But as you reach the bottom, you freeze. You’re stunned. All over the walls are post-it notes, journal pages, photographs, drawings, maps, and strings connecting all these things together like a spider web. Your alarm turns to nausea when you realize that all these notes are about you.
That’s your face, and your family’s faces, in all those pictures. Those maps are of your neighborhood, the route you take to work each day, all the places you shop, and where you went on vacation.
You see a series of notes posted throughout that say things like:
“If they were a movie character he would be Captain Jack Sparrow.”
“Their personality could best be described as a purple wallaby.”
“If they were a food item they would be a bowl of spaghetti.”
The Loss of Social Media Trust
Many people felt this way when the Facebook/Cambridge Analytica scandal came to light. We discovered that all of our personal information and data gathered from silly quizzes and applications used on the social media platform, had been sold and used to influence our behavior.
It’s not that the information was stolen. We gave it freely. But in that giving there was an assumed trust that had been violated. Suddenly, this safe, social space that we were all a part of felt creepy, even dirty.
While some argue that quitting Facebook altogether is a bit of an overreaction, the fact is that the damage has been done. Once public trust is lost, it’s hard to regain. The honeymoon of social media is, in a sense, over now. Everyone is a lot more conscious of the fact that online companies, not just Facebook, do collect, store, and analyze our personal data. And not everyone is ok with that.
More and more, people want to regain control over what information is collected about them and how that information is used. While information collecting may just be the price of admission for a lot of online activities, it doesn’t mean that we have to allow that information to be shared, or worse, sold.
That is exactly why the GDPR was created.
What Changes with GDPR?
Before the GDPR, companies often hid their privacy policies within dense, convoluted text that was full of legalese and other complicated terms. With the GDPR, companies now are required to spell out their privacy policies in plain language that anyone can understand.
For a long time, many businesses assumed that consumer silence equaled consent to processing customer data for business purposes. If a business did have a request for consent somewhere, they would try to hide it in their Terms & Conditions sections, which are often so long no one would read them. They’d just hit “Agree” and move on.
Consumers have to allow consent
Now, a consumer has to give a company what’s called affirmative consent in order for their data to be used. In other words, the customer has to be able to say “yes, you can use my data” before a company is allowed the use of that information.
Businesses are now only allowed to collect data for a specifically defined purpose. They are not allowed to collect information once and use it every time the company wants to promote something new. Any time the use changes, the customer has to be informed.
Going forward, consumers also have the right to access the information a business has collected. And they have to be able to get a copy of that information, if requested.
One of the biggest wins is that consumers now have the “right to be forgotten.” So if a customer wants their data erased from a company’s database, the company must comply. Again, these mandates only apply to European companies right now. But even US-based companies must comply with GDPR if they have European customers and customer information.
What Does this Mean for You?
The GDPR fills in quite a few gaps that many companies have taken advantage of over the years. The growth of the internet, and the increased online presence of consumers and companies, has meant that information usage was outpacing regulation by miles.
Technology moves a lot faster than government. The GDPR helps get those regulations caught up a bit.
Think of it this way, you would never consider taking all the information you know about your best friend and selling it to a local department store so that they could get them to buy more stuff. And if they did something like that to you, you’d be mortified.
Yet, companies have been doing this for years. They have been taking customer information that was given to them in confidence and passing it around like candy. All the while they hid behind reams of unreadable text to justify their ownership of that data. But customer data should be owned by the customer.
Should consumers have been more wary? Probably.
That doesn’t mean that businesses should be let off the hook, though. Consumers deserve to know how their information is used. And the GDPR gives them the power to find that out and control what happens to their personal data.
As businesses, we simply have to do a little extra work to treat our customers with the respect and care they deserve. We all believe in customer care. The GDPR is just another safeguard that customers have against the few companies who would take advantage of them.
While the extra effort to make sure your company is GDPR compliant may be cumbersome at first, in the long run, this is the right move. As a consumer yourself, I’m sure you’ll appreciate knowing that your own personal data is back in your control.
The GDPR is all about wearing your “customer” shoes when collecting consumer data.
BJ Cary
Content Marketing Specialist
LTi Technology Solutions | wpstage.ltisolutions.com