Six Months of GDPR — How Has It Changed Business?

By Jan Thomas On Dec 24, 2018

Before its existence, the General Data Protection Regulation (GDPR) brought about lots of fears within the circles of business owners and marketers. For customers or prospective clients, as that was their much awaited ‘triumph’ after the Facebook security breach.

As we are aware that data and its privacy protection is as old as the advancing age of cyber technology, it took seven years of preparation before the new GDPR was implemented. Since then, we’ve been seeing its influence on almost everything from digital marketing to medicine, and from advertising industry to banking.

GDPR Basics

Let’s get down to some detailed explanations.

GDPR, which officially began on May 25, 2018, is a new regulation that has substituted the 1995 Data Protection Directive. The Data Protection Directive provided minimum standards for data processing within the European Union (EU) and the European Economic Area (EEA).

The GDPR sustains the protection of privacy for everyone who lives within the EU and EEA. Basically, we can say that GDPR gives everyone, who lives within the EU area, the full control of their private data and the right to request a total erasure at any time.

The fact is that, technically, every business that processes the data of EU/EEA citizens or residents should only do so by acting in agreement with the GDPR. Or else, they’re definitely going to get severe fines.

With that being said, you can understand that a lot of businesses are still far from ready to continue or fully embrace this exciting new development.

Which Industry Was Affected the Most?

In fact, the GDPR is not only relevant to businesses located within the EU but also those outside of the EU. The effects of the GDPR are related to the operations of tech companies as they have to make the biggest compliance changes. Even though the EU parliament finally approved of this in April 2016, it took about 25 months to get it to start working.

From close observance, one can identify 3 stakeholders described in the regulations. They are:

Data subjects, who are the citizens or residents of EU/EEA using goods and services provided by data controllers.
Data controllers, who are the ones that decide the purposes and procedures of processing personal data — they coordinate processing.
Data processors, who are in charge of direct processing of personal data based on the instructions of data controllers.

So, for example, if you’re a company dealing in SaaS products to EU/EEA citizens or residents (Data Subjects) and using a third-party tool, Company Y, to analyze consumer behavior on your platform. You are the Data Controller and Company Y is the Data Processor.

Is GDPR Working?

Of course, it’s working! Despite the fact that, the major changes have been seen in only ‘giant’ companies, it’s expected to gradually extend to many other small companies by the end of 2019.

After GDPR, we’ve seen Facebook launch a range of tools to “put people in more control over their privacy.” They further made every user agree to the new terms of service and used this opportunity to coax them into using their new technology.

A study of the European Markets in November 2017 revealed that “92% of businesses in Europe were not prepared for the GDPR,” which meant that as of May 2018, there were a handful of companies that weren’t ready to comply with this new regulation.

The EU has started the education of the public on GDPR and has created a section on their website for Questions and Answers. So, in general, the compliance is working, but small online businesses are still working their way around GDPR.

What Happens to Startup and Small Businesses?

For startup and small businesses, there’s no need to panic! You’re not going to crash, as some people suggested after GDPR only came into power. You just have to go with the flow. We’re 6 months into GDPR already — the future of it is inevitable.

Moving forward, our best bet is to work on compliance. There are a few things you can do:

Be conversant with your client data. To prevent non-compliance, it is necessary to put on record what private date you hold, where it’s being kept, where it came from, and whom you share it with.
Be sure to consider clients’ rights. According to the GDPR, clients have certain rights that you must sustain. You need to always be in the position to attend all the requests by clients.
Get a data protection officer. You need someone who is skilled and can take full responsibility for compliance effectively.
Handle data breaches in the most appropriate way possible. According to the GDPR, “personal data breaches must be detected, reported and investigated.” Failure to do so will result in huge penalties, both for non-compliance and for the breach itself.

If you haven’t already, start monitoring for breaches from now on. For example, in the case of hacking, to analyzing the case, you might resort to a trusted reverse phone lookup option to start tracking the scammer who caused it.

Conclusion

For some time now, companies have had to review their business strategies to be compliant. It appears that to sign up a prospect for email communication, they’ll have to fill out a form or tick a box to confirm their consents.

After the institution of GDPR, some companies ha9ve started broadcasting how they protect their customer’s data which is a smart way of marketing. They’re ensuring that protecting the client’s personal information is as important as great customer service.

From an entrepreneurial view, I have to admit that over the past 6 months, data has played an active role in both digital and direct marketing strategies. Marketing databases must be reviewed to ensure that the company can acquire consent that has been granted lawfully and fairly. Although GDPR only affects residents in EU, it is commended that companies that operate internationally ensure all of their global audiences are GDPR compliant to meet strict data regulations in the future.