Did you prepare your company for the General Data Protection Regulation (GDPR) rollout? On May 25, 2018, the European Union (EU) began to enforce this wide-reaching piece of legislation. And as a B2B company, it could impact the way in which you collect and use customers' and prospects' data. Rather than turning a blind eye to the GDPR, you should educate yourself on this legislation and how to comply with it.
While most U.K. businesses are familiar with the GDPR, it's a different story for businesses based in the United States. According to a survey by the cloud services vendor Sage, 91% of U.S. businesses are unfamiliar with the GDPR and its compliance requirements, and 84% of U.S. businesses don't understand how it will affect their operations. This is largely due to the fact that the GDPR was created by the EU. Therefore, many U.S. businesses believe that it doesn't affect them. The truth, however, is that the GDPR extends beyond the boundaries of the United Kingdom by affecting companies in other countries as well, including the United States.
Adopted on April 14, 2016, GDPR is a privacy law that affects all people within the European Union. It's designed primarily to provide citizens and residents in the European Union with greater control over the type of personal data that businesses collect from them and how businesses use that data. Although it was adopted in 2016, it had a two-year transition period, which has now expired.
You might be wondering if GDPR will affect your B2B company. Even if your company operates in the United States, there's a good chance that you'll be legally required to comply with this legislation. As previously mentioned, all businesses that collect data on individuals in the European Union must comply with GDPR.
It's important to note, however, that businesses must specifically seek to acquire data from an individual in the European Union in order for GDPR to kick in. If you collect data from users who visit your company's website, for example, you aren't required to comply with the GDPR. But if you use target marketing campaigns that specifically target individuals in the European Union, you are required to comply. Compliance is only required if you specifically seek to acquire personal data from individuals located in an EU country.
EU countries include Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom.
One of the most important requirements of GDPR is to acquire consent before collecting personal data from individuals located in the European Union. In other words, you cannot collect personal data on an EU individual unless that person gives you his or her explicit consent or permission. When seeking to collect such data, use a consent form to gain individuals' consent. This is a common tactic used by Android and Apple iOS app developers. Upon downloading a new app, it may prompt the user for his or her consent to collect and share data.
Whether it's in person or online, though, you should always obtain consent from EU individuals before collecting personal data from them.
GDPR also has notification requirements regarding data breaches that affect individuals located in the European Union. Hopefully, this doesn't happen to your B2B company. But if you experience a data breach that affects EU individuals, you'll need to report it to the local data protection authority while also notifying the affected individuals. Failure to comply with the GDPR's breach notification rule could leave your company subject to a fine of up to 4% of its global turnover.
Under the GDPR, businesses must understand and know the type of data they have collected from individuals in the European Union, why they are collecting that data, who will be accessing that data and how it will be used. So, if you haven't done so already, take a few steps back to review your B2B company's data collection policies.
This is just an overview of the GDPR and how it will affect your B2B company. Keep in mind that you must also train employees on GDPR compliance and what it entails. Even if you're familiar with the legislation, your employees may not be. And a mistake on their part could leave your entire company susceptible to fines or penalties.
GDPR is a good practice even for companies like Salesleads Inc. So we wanted you to know that we do not use or resell any part of your personal information, company information or any information shared with us. If you are concerned about your personal information with Salesleads, give us a call at 800.231.7876.
To learn more about the GDPR, visit https://www.eugdpr.org/. It has a plethora of helpful articles, resources and tools to assist companies with compliance.