By Seth Kekessie
Overview
At its core, GDPR (General Data Protection Regulation) is designed to give EU citizens more control over their personal data (privacy and consent). It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.
What It Is
Under the terms of GDPR, not only do organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners – or face penalties for not doing so. GDPR applies to any organization operating within the EU, as well as any organizations outside of the EU which offer goods or services to customers or businesses in the EU.
What It Is Not
Gathering contact lists and sending business sales emails is not prohibited under GDPR. The GDPR protects individuals, not businesses. The EU even declares: “The proposed Regulation on Privacy and Electronic Communications will increase the protection of people’s private life and open up new opportunities for business.” Organizations of all sizes in all sectors have collected, acquired, or otherwise accumulated troves of information on business customers and prospects, and this remains completely legal under GDPR.
Companies are also allowed to reach out to customers and prospects alike via email, telemarketing, and other digital means to market their goods and services. For the most part, if the customer does want to remain on the list, they just need to click the part of the email that tells the company they wish to remain in touch. By the same token, customers and prospects who opt out MUST have their wishes respected, under penalty of fines.
Enforcement
There are enforcement mechanisms, including a legal obligation and timeframe to report to the relevant supervisory authorities certain types of data breaches which involve unauthorized access to or loss of personal data. GDPR also requires organizations to ensure that someone is responsible for data protection, or run the risk of a fine. Data breaches inevitably happen. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it. Under GDPR the question becomes: “What controls did you have in place, and were they adequate?”
Best Practice
As a business the two most critical things to keep in mind are to:
- safeguard any customer & prospect personal data within your organization, and
- respect the wishes of those who have indicated they do not want to receive communications from you (and provide them an easy way to indicate this)
Since GDPR was introduced, some of the world’s leading technology firms have attempted to re-position their products as privacy-focused – a strategy that has likely come about in some part due to increased awareness around privacy and consent by individuals. This has created misconceptions around what the Regulation allows and what companies must do to stay in compliance.
Knowland GDPR Compliance Within The EU
At Knowland we are in full compliance with both the spirit and the letter of GDPR.
- We only visit public areas of a hotel to capture the Event Board information displayed
- When we take an image of an Event Board, we never take a photo with a person
- Our Field Researchers do not enter any meeting rooms or other areas designated private in a hotel
- We can only enter the business email address and business phone number of a planner from the EU into our Knowland platform if we have their consent recorded and kept on file
To conclude, GDPR was motivated by the need for individuals to have a greater say about how their personal data is used, as long as it is collected within the set guidelines. Companies that operate in the EU that have good data collection practices and safeguards, respect privacy and seek consent have not seen a major impact on their operations. These companies have continued to gather intelligence on customers, prospects, and businesses, but under GDPR it is important to safeguard the collected data and to make it easy for individuals to opt out.
Sources:
- 5 Simple Steps To Sending GDPR-Compliant B2B Cold Emails
https://medium.com/swlh/5-simple-steps-to-sending-gdpr-compliant-b2b-cold-emails-4bfc023ccd37
- How does the GDPR affect email?
https://gdpr.eu/email-encryption/
- Proposal for a Regulation on Privacy and Electronic Communications
https://ec.europa.eu/digital-single-market/en/news/proposal-regulation-privacy-and-electronic-communications
- GDPR enforcement varies widely by country
https://www.complianceweek.com/gdpr/gdpr-enforcement-varies-widely-by-country/27436.article