The General Data Protection Regulation (GDPR) is a set of rules in European Union law on data privacy and protection. All EU states now have a single, consistent approach to handling data privacy and protection, where previously each state had its own rules and guidelines.
If you are an American-based company, does all the buzz on GDPR compliance have you wondering where to start? Here are a few considerations to ease your mind and get you trekking down the right path for your company and its needs.
Where do you begin with GDPR?
Look at GDPR as a benefit, not a burden, for your customers and your company! Becoming GDPR compliant in this day and age has something in it for everyone, whether they are based in the EU or anywhere else in the world.
In the current technology and information climate, more and more users want their vendors to have safeguards and processes in place to ensure data protection.
What else do they want?
They want transparency and expect clear language on how their information is managed. They want access to the personal information vendors have on them and the ability to dictate what happens to it – whether that means change requests, erasure or processing restrictions. GDPR provides the guidelines to give the people what they want! Companies that provide these services and capabilities will set themselves apart from others and will only become more attractive to customers and clients.
On the flip side, GDPR also protects your company by providing guidelines on receiving explicit consent for data processing and by defining what lawful processing is. These guidelines give you some questions to ask your teams and leadership, and they get your company on the path to Privacy by Design. Whenever you design, develop, or implement a new feature or product that requires a user to provide personal information, ask yourself:
- Is this information absolutely necessary for my goal or objective?
- Could I provide the same service or customer experience (CX) while collecting less information?
- Am I using the collected data for the sole purpose needed for the feature or product?
- Am I as transparent as I can be with how and why the data is being collected?
That’s your first bite of GDPR brain food for now – hopefully, you learned how moving toward a Privacy by Design model is key to good data collection practices. In our next session, we’ll get into who GDPR applies to and the next steps you can take on the path to compliance!