GDPR – Understanding The Game Changer
By Suraj Dubey Updated: 22 May 2019
GDPR – you’ve probably come across this term more times on the internet in May 2018, than the Royal Wedding. So everyone is familiar with the concept of GDPR, now let us look at what it means for businesses, individuals, and marketers.
GDPR is basically an effort by the EU to bring their data & privacy protection laws up to date with the quantum leaps that ‘data’ has made in the past couple of years. The last data protection act in the EU is over 20 years old and doesn’t address the chasm in terms of how we use data now as compared to two decades back. So, basically, the new regulation is merely a set of laws that catches up with the evolving methods of data collection and data use.
What is The Extent of GDPR’s Reach?
The term, however, has been lost in a quandary of misconceptions relating to the various entities involved and how it will affect them. Does this new regulation only affect businesses operating in the EU? Does this affect both data processors and data controllers? Does this exclude the UK because of the Brexit?
To answer the above questions – GDPR affects everyone regardless. Basically, GDPR is about processing personal data and therefore if you collect personal data from anyone in the EU, then you are required to be GDPR compliant. This includes both processing and storing of personal information. If you have an old list (personal information) that you may have bought before the GDPR rule came into effect, it would still bring you under the purview of GDPR.
What is GDPR’s End Goal?
Marketers refer to the GDPR as a nightmare, and perhaps it is a pain to adopt, more so in the EU; where businesses will have to revise entire marketing and sales strategies. But the underlying theme of GDPR is to bring businesses that deal with personal data processing to be accountable for the data they process. This is especially relevant in the light of the recent Facebook – Cambridge Analytica scandal that shocked the world.
So, more than it being a nightmare, this gives companies a chance to redefine their customer relationship and build on that trust by ensuring users that by following GDPR guidelines, the business will engage in only lawful processing of personal data.
With the fines having gone up to €20 million or 4% of the company’s worldwide turnover for the previous 12 months, it is better to be safe than sorry.
Personal Data for Segmentation
What about segmentation? If you are collecting personal data so you can better segment your users and deliver only relevant content to them, would that be okay? Well, the GDPR does not prevent you from collecting personal data – it only requires that you state the kind of information that you collect and make it simple and legible for users to understand. The right to provide or withhold this information will now lie with the user of course, so a lot of the freebies that businesses collected could potentially trickle down in size.
The GDPR also states that it is mandatory to get the consent of the user to their personal information. The user also has to give their consent to the kind of communication that they would like to receive from your business.
No More Opt-out Only Opt-in
It was always taken for granted that business could start sending communications to users once they had provided their email address/ phone number while signing up or downloading content from your website.
This won’t be the case anymore. Come May 25th, you will have explicitly get user consent before sending them any communication. Previously if users wanted to opt out then users had this option – “If you don’t want to receive our marketing, click here.” But with GDPR it will have to be “if you WANT to receive our marketing, click here.”
As a result of this we’ve also made some internal changes so we remain compliant with the GDPR as well as help our clients remain GDPR compliant with their website/ app users.
Changes to our SDK, API & Implementation.