After a two-year transition period, the EU’s new data privacy law, the General Data Protection Regulation, finally went into effect Friday, May 25. From now on, all businesses that handle personal data for citizens of the European Union are required to follow specific guidelines for how they collect, store and use that data.
With data analytics playing a greater role in business interactions than ever before, especially in B2B organizations, the GDPR imposes more strict and expansive regulations than previous privacy laws. In an important twist, the legislation includes non-EU businesses that interact with EU data subjects, ultimately bringing outdated privacy legislation into the era of SaaS to reflect the way people use the internet today.
Businesses that don’t comply with the GDPR will face hefty fines—up to €20 million (US$24.7 million), or 4% of the company’s annual revenue, whichever is larger. If your business relies on personal data to operate, here’s how the GDPR will impact your business.
How the GDPR will influence software development
Because the GDPR gives customers more control over how businesses collect and process personal data, customer privacy will likely define software design and development in the future. Going forward, software developers must shift to a mindset in which data privacy exists at the core of all infrastructure. B2B organizations are just coming into a new phase of digital maturity, and it will be especially important for these companies to develop each solution and strategy with the new regulations in mind.
As a software company in the era of the GDPR, design and update your technology platforms using the principles of “privacy by design,” which means incorporating relevant data security principles as foundational elements. Give your people visibility into how their personal data is processed, allow them to adjust privacy settings to their liking, and enable automatic requests for consent.
Why the GDPR is an opportunity for data-driven businesses
The GDPR is a big deal for any business that touches customer data. It’s the most significant data privacy legislation to date, requiring businesses to adopt a customer-first mindset. Businesses need to prepare for a world in which the GDPR is a universal rule—not just in the EU.
However, your business shouldn’t consider the GDPR a threat to your data-driven sales and marketing strategies. Instead, think about the GDPR as an opportunity—an opportunity to futureproof your business based on the likelihood that this legislation is just the first regulation of its kind. But more important, consider the GDPR an opportunity to earn trust with your customers and prospects.
Data privacy is an important issue for both business buyers and consumers. Over the past few years, we’ve seen plenty of examples of companies that didn’t protect customer data, or weren’t forthcoming about data breaches—and how these situations negatively impacted their businesses. Trust is currency in today’s economy, and compliance with the GDPR helps you gain the trust of your customers.
Prepare for the GDPR now
Although personalization is a high priority for marketers and sales teams, it requires the use of data. Don’t abandon personalization or other data-rich tactics due to the GDPR. Instead, invest time and effort now to ensure compliance.
If you work with EU customers and you haven’t already made the necessary changes to ensure compliance, now is the time. If you don’t work with EU customers, start thinking about these steps now to prepare yourself if similar legislation is enacted in the US and other countries.
- Understand the GDPR legal framework. Make sure everyone in your organization understands the details of the GDPR, how your company is working to achieve compliance and why it is important.
- Review your data. Start mapping data to assess the information you have, how it’s collected and used, and how it’s shared. Depending on the findings, you may need to reconsider where and how you store data within your infrastructure.
- Update all privacy notices to comply with the GDPR. To comply with the GDPR, you’ll need notifications that indicate how you will use an individual’s data, how long you’ll keep the data, and the individual’s right to access, transfer or remove his or her data.
- Establish processes for managing consent and the right to erasure. The legislation states that businesses can only use personal data if individuals actively give consent. Additionally, if a customer requests that you remove his or her personal data from your system, you are now obligated to do so immediately.
It will take time and resources to update your existing systems. But the good news is that there’s no single right way to comply. The GDPR gives businesses the freedom to determine how to restructure their own products and systems. Consequently, the strategies large data companies like Facebook and Google take to comply will differ from those that smaller startups take.
Even if the GDPR does not impact your business now, it’s smart to start thinking about data privacy. As the GDPR takes effect, customer concerns about data privacy will only increase — and that means your business may lose out on potential sales if you can’t prove your ability to protect your customers’ data.
Pieterjan Bouten is CEO of Showpad, a provider of software tools used in sales and marketing.