In the U.S., it seems the leaking of personal information is all too common with our personal data available online now, more than ever, through social media and digital assistant devices. One of the most significant steps to data protection just came to pass with the European Union (EU) privacy law last month.
The new General Data Protection Regulation (GDPR) began as part of a 2012 EU data protection reform. Finally approved in 2015, this main component provides EU citizens with greater control over their personal data and how that data is used and protected, both in Europe and abroad. According to GDPR, “personal data” refers to everything from name, email, address, date of birth, personal interests, photos, digital footprints, social posts, and more. GDPR will replace the 1995 Data Protection Directive, and companies were required to be compliant by May 25, 2018.
It’s All about Protection
At the core, GDPR is about data protection. Through the new regulations, EU citizens now know exactly how their data is collected and processed and alerts them if their data has been exposed and how: If information is hacked, the breached organization is required by law to notify the appropriate authorities within 72 hours so that affected users can act to protect their information.
What does this mean to U.S. based organizations? Any company that does business with EU customers—regardless of the company’s location—is required to comply with GDPR. This means that any U.S.-based organizations that do business internationally and store data in a database—and nearly 90 percent of surveyed businesses do store that information in digital databases—must be GDPR compliant or face significant consequences.
Get Compliant … Fast!
If your organization is not compliant yet, there’s no time to lose. There are several approaches you can take to getting compliant. Consider an email campaign that explains to customers what data is collected and stored with the built-in option for recipients to opt out. Some organizations have seen success with contacting customers directly for this conversation, though depending on customer volume and timing, this may be too time-consuming for your needs.
Moving beyond the initial compliance and data opt-in, future customers can be educated through a page on your website that again outlines how their data is collected, how it is used, and what measures your company has taken to ensure that their data remains safe. This is also a good place to offer an opt-out option to pull their information from your systems. Note that under the new GDPR regulations, opt-in boxes cannot be checked by default. Customers must actively select to allow their data to be collected. This influences everything from website “contact us” forms to future email campaigns.
Opt-in campaigns will also serve you with the chance to purge disengaged customers from your systems or provide the opportunity to reopen business opportunities with them! It may feel risky to ask a customer if they still want to be informed—what if they say no? Keeping the database current gives companies more realistic percentages on their effectiveness and allows them to focus on customers who do want to remain engaged in the business. Getting compliant with GDPR might be hard work, but it will benefit you even beyond the compliance requirements.
Non-compliance is not cheap. Your organization could be fined up to 4 percent of annual global turnover or €10 Million if you are not GDPR compliant. Other fines may also be imposed, such as a 2 percent fine for not having records in order, not notifying when a breach occurs, or not conducting impact assessment.
Getting Your Systems Online with GDPR
It’s not just about the data collection. GDPR also affects how your company stores data and who can access it. Not only will you need to audit your systems to ensure that information stored within is secured and consent has been given, you’ll also need to ensure that within your company, system users only have the permissions and access privileges they need for their specific role. Certain individual records and data fields, such as tax information or bank account numbers, may need to be restricted from your standard user access.
Fortunately, IN-SYNCH by ROI Consulting is designed to automatically move data between systems. Not only is integration lightning fast, it is also secure. With real-time data communications between systems, data is controlled from within your Sage 100 server and remains safe from eyes that should not see it. IN-SYNCH also minimizes the potential for errors due to manual re-keying of data. Plus, with real-time synchronization, you can be assured that all relevant systems will be updated as soon as customer input is received. No need to worry that a customer that has just opted out will accidentally receive the email campaign scheduled to send the next day.
Security is top of mind for all of us as the digital landscape continues to expand. Let IN-SYNCH be part of your solution both for GDPR compliance, and overall safety of every one of your customers. Find out how IN-SYNCH can benefit your compliance initiatives today by contacting ROI Consulting online or calling us at 402-934-2223, ext. 1.