GDPR in the USA
As marketing’s reliance on data has grown over time, so have the concerns over data privacy and data security. Companies worldwide are collecting data on shoppers, website visitors and clients, all in the name of personalized services and better marketing response rates.
While the data scientist in me thinks it is so cool how much information we can access about people, how many more data points are available from new technologies like IoT, and the increases we’ve seen in our predictive capabilities because of this data, the good data steward in me is also worried about how much data is available for access by potentially the wrong hands.
It’s a debate that has raged on in legislatures around the globe – how do you protect the privacy of individuals, while still allowing marketing, commerce and good customer service to continue? In the U.S. laws have been written, but none go as far as the EU’s General Data Protection Regulation (GDPR) that took effect this past May.
While the goal of the GDPR was to protect the data and privacy of EU citizens, it has impacted businesses and services far outside of the EU. Any business that collected data or provided services to EU citizens was impacted by this legislation, even if located in the U.S. As a result, citizens of the U.S. are also benefiting from this increased regulation, as their data will become more secure through the process of compliance with the GDPR.
Wondering how this is? It is because the GDPR’s guidelines require a company to be fully transparent with their collection and data usage practices. Companies have to classify their data and put data handling processes and procedures in place. They also have to ensure that the data is being carefully watched and to ensure data security. If there are data breaches, they must be reported quickly and be thoroughly investigated. They also must ask the consumers if it is ok for them to keep data on them and they must tell them what they’re doing with that information.
Even though companies complained (and some still have yet to comply) with the data standards provided by the GDPR, the practices really are for the better of consumers worldwide. Ensuring data is handled properly and stored safely is a good thing. Ensuring consumers have the ability to opt-out of personal data storage is ok to do.
While the GDPR is still just an EU law, I predict that a similar law will be coming to the U.S. in the next few years. A large segment of companies in the U.S. are already complying with GDPR standards anyway. Data privacy is just too important in today’s world for the U.S. to continue to allow companies to misuse personal data and not have data security processes in place.
At B2E we work with consumer data every day, and you can trust that we are following current data storage best practices and procedures. Nothing is more important than the safety of your customer data and it is our job to protect it.