Why General Data Protection Regulation Matters
The General Data Protection Regulation (GDPR) replaced the EU’s outdated data protection regulations in the spring of 2018. While at first glance this may not seem to affect exhibitors, it does affect lead generation involving EU citizens. To be more specific, the GDPR has updated privacy safeguards for how businesses collect and store the personal data of clients and prospective clients.
Noncompliant companies could risk up to $22 million in fines. For this reason, we’ve gathered all the ins and outs of the GDPR for our readers to check over, including which companies it affects. Read on to learn more and safeguard your company against unnecessary fees.
GDPR Requirements
For every member of the European Union, the GDPR set in place the following privacy and data protection requirements for companies:
- They must have consent from their subject in order to process their data
- Collected data must be anonymized
- Notify subjects of any data breaches
- Any data crossing borders must be handled with the utmost safety
- An official data protection role must be created within each company overseen by the GDPR
These foundational standards set in place guidelines for companies to handle their EU clients’ information. If you exhibit in areas under the GDPR or collect information from an EU member, you’re subject to these GDPR guidelines.
What Businesses are Affected by the GDPR?
The interesting thing about the GDPR is that your company may be subject to its regulations even if you don’t have an actual presence in the EU. If your business:
- Processes PII of EU citizens, but has no physical presence in the EU
- Has more than 250 employees
- Has fewer than 250 employees, but your data processing still impacts data subjects’ rights and freedoms
- Maintains certain types of sensitive personal data
Then your business must align itself with GDPR best practices.
What Types of Data does the GDPR Cover?
The GDPR protects first names and surnames, email addresses, phone numbers, photos and the following types of personal data of EU citizens:
- Sexual orientation
- Political affiliations
- Biometric data
- Racial data
- Health data
- Location
- IP addresses
- Cookie data
- RFID tags
If you collect any of this information AND you meet the above qualifications of a GDPR-overseen business, read on to learn how to align yourself with its regulations.
How to Ensure GDPR Compliance
Read the GDPR
It may seem intimidating to approach a large legal volume, but reading the GDPR’s wording directly is essential for compliance. For example, the GDPR states that companies need to make “reasonable efforts” to protect their clients’ data. While the wording seems innocuous, the ambiguity of this phrase indicates that the GDPR has a large amount of freedom to decide what “reasonable effort” is, and the fees any misconduct would elicit.
Observe How Other Organizations are Complying
In our global economy, you may be surprised by the vast number of businesses affected by the GDPR. However, this can be used to your advantage. If you’re unsure about how to comply with the GDPR, you can reach out to a business that has done a good job of doing so and get their advice.
Pay Attention to the Data Your Website Automatically Stores
Everyone knows that online browsing results in saved cookies, opt-ins and other data storage. Your website will do this too–and the GDPR has something to say about it. Usually these tools are already data privacy compliant, but it’s always a good idea to make sure and keep an eye on it.
Map Out Your Data Collection
All data collection your company does must be GDPR compliant. To ensure everything is good to go, try mapping out where your data enters and the journey it takes through your systems. This can help you discover any holes in your security and prevent future breaches.
How Does This Change the Way I Gather My Audience’s Information?
When you’re collecting data from a new lead or a party interested in your exhibit, you first have to get their specific permission to use their data. You should also record data using technology rather than writing the information down in order to ensure privacy and consistency.
Takeaways
At the end of the day, we’re living in a global, modern world, where international business lines are crossed and data is becoming more and more necessary to safeguard. By aligning your company with the regulations of the GDPR you’re not just safeguarding your business–you’re safeguarding your clients.