Over the past couple of months, you have probably seen several emails and articles discussing the GDPR (General Data Protection Regulation). You’ve also probably noticed an upswing in social media conversations and news stories about data protection in general, so what’s it all about?

Well, for starters, we do EVERYTHING online now, from banking to health tracking, to socializing, to storing documents. The benefits of this are cost, accessibility, and innovation, but it raises two very important concerns: what are the rights of the user, and what obligations do companies have to provide protection and transparency?

In recent months, users have more vocally started to question exactly what is being done with their information, how it’s being stored, and what rights they have to how it’s used. While there are currently laws in place to govern user privacy in most countries, it’s almost impossible for governments to keep up with the advancements of the internet—but they are trying. This is where the GDPR comes in.

What is the GDPR and Why is My Inbox Being Flooded with Messages About it?

The GDPR is a new set of regulations coming into place in the European Union to replace the current regulations surrounding data protection. It aims to help protect web users in a few different ways:

Users must now explicitly consent to give their data

Gone are the days of accidentally giving your social insurance number every time you want to create an account with an app. Companies now have to ask for explicit consent from users when they ask for personal information.

More user control

Have you ever thought to yourself, “I wonder what the apps and websites I use know about me?”

You aren’t alone! Under the new GDPR regulations, companies are now required to provide individuals with the information they have stored about them, in clear, easy-to-understand formats, upon user request.

Additionally, users are now able to ask companies to erase their data at any point. While there are some stipulations on this, by and large companies will be obliged to delete data immediately upon user request.

Hefty violation fines

If an organization is found to be in violation of the GDPR, then it is liable to pay up to 4% of its global annual revenue, or 20 million euros (whichever is larger).

To learn more about this regulation, here is a helpful, comprehensive guide, or, to see the document in its entirety, click here.

What Does the GDPR Mean for Canadian Businesses?

Well, that depends.

If you do not advertise, offer your services, or have any clients in Europe, you don’t need to be as concerned. However, any contact you have who resides in the EU is protected under the GDPR, which creates something of a grey zone. Many marketing platforms and CRMs, such as HubSpot, have already taken steps to be GDPR compliant, so if you’re using this type of platform, you are most likely fine.

If you do advertise, offer your services, or have any clients in Europe (and you aren’t using GDPR-compliant contact management systems), then it’s important to start creating a plan immediately, as the GDPR comes into effect in May 2018. There are many helpful resources online, such as this GDPR checklist; however, if you are at all unsure about your compliance, it is best to seek legal counsel.

In July 2014, the Canadian Anti-Spam Legislation (CASL) came into effect, dealing with user consent for emails and the sharing of mailing lists between companies. This legislation aimed to give users more control over who could email them, but it did not change any general data privacy laws, and compliance with it will not make Canadian companies GDPR compliant.

The user protection revolution has started; how can you prepare yourself?

Whether it’s Facebook’s CEO, Mark Zuckerberg, getting grilled in the U.S. Senate over data sharing, or new privacy legislation in foreign countries, users of the world wide web are becoming more conscious of where their data is going. It is better to start acting responsibly now than to wait for policy change.

Here are Some General Tips and Best Practices for Handling Data

Get explicit consent

Canadian companies should all be CASL compliant by now, but it’s always best practice to get explicit mailing consent from users. This benefits the company AND the contact.

A list full of people that actively signed up to hear from a business is going to be a more engaged audience than a list of people who just ended up on the mailing list. It’s better for the person receiving the email and it’s better for the sales team dealing with engaged leads.

Create a clear policy on what happens with user data

It’s important to know what happens with contact information, how it’s managed and stored, and who has access to it. Many marketing platforms and CRMs, such as HubSpot, already have good contact management in place, including the automatic exclusion of low-engagement contacts from emails, an unsubscribe option built into every email template, and clean contact records available only to certified account members. If your business isn’t currently using a comprehensive contact management system or CRM, then it’s time to create a process to streamline all contact information.

Make passwords long and change them often

This might sound like an obvious piece of advice, but it can’t be stated often enough, and now there are tools that remove any excuse. LastPass is a service that generates randomized passwords and stores all your usernames and passwords in a secure vault; it’s available as a Chrome extension and a mobile app. You owe it to yourself and your users to go above and beyond Password123.


Disclaimer: This blog is available for informational purposes only and is not considered legal advice on any subject matter.