Few pieces of legislation have businesses as concerned as the European Union’s (EU) new General Data Protection Regulation (GDPR). Billed as “the most important change in data privacy regulation in 20 years,” the GDPR is poised to have a profound impact on how businesses interact with customers and to increase the amount of effort that goes into protecting customer privacy.
With so much fear and controversy surrounding it, what exactly is the GDPR and how does it impact your business?
The GDPR: Its Scope
In short, the GDPR is a consumer privacy regulation that updates and replaces the 1995 Data Protection Directive and goes into effect on May 25, 2018. One of the main goals of the GDPR is to unify consumer privacy, not only for the EU but also for foreign firms that operate in or have customers within the EU.
Much of the legislation revolves around explicit consent requirements. In other words, customers must give explicit consent before a company can collect and process their personal data. This means that many current notifications of intent to collect data are no longer sufficient. For example, many phone call systems inform customers that the ‘call may be recorded for training purposes.’ While this was sufficient under the old directive, it falls far short of the new regulation. Customers will have to clearly give their consent for a call to be recorded. If, in the middle of the call, the customer revokes their consent, the person handling the call will be obligated to stop the recording.
That same principle applies to virtually every other aspect of consumer information. In each and every case, customers must give their express consent and will have more authority over what a company can and cannot do with said data.
The GDPR: Potential Unintended Consequences
While the goals of the GDPR may be admirable, there are a number of unintended consequences the legislation could create. Because of the strong emphasis on privacy, many services that individuals and corporations now take for granted may be crippled. For example, domain registration information may no longer be accessible, meaning that companies and individuals may not be able to look up the current owner of a domain name.
This will, in turn, severely impact brand owners who rely on such tools to track operations that sell counterfeit goods or attempt to steal business online. The new legislation will certainly make it more difficult for companies to pursue legal action against counterfeiters and protect their brands, as identifying those responsible will be more difficult.
How the GDPR Impacts Your Business
The GDPR is a mixed bag for many businesses. On the one hand, there can be no doubt that the GDPR significantly increases a company’s responsibility to respect and protect customer data and privacy. In addition, the GDPR includes hefty penalties for companies that fail to do so, including fines up to 4% of global turnover—not just European business—or €20 million, whichever is higher. The GDPR may also greatly complicate the ability of many businesses to protect their brands.
On the other hand, the GDPR will simplify some aspects of dealing with consumer privacy issues. Rather than having to deal with the regulations of each and every member country, companies will now only have to worry about a single piece of legislation for all EU members.
Contact BrandShelter to learn more about how the GDPR will impact your business and the steps you can take to continue protecting your brand.