GDPR: Our Take

By: Tallwave

You’ve probably heard of it, or seen it, or grown tired of deleting the emails about it. In short, the European Union passed a new data protection regulation that compels companies to comply with new privacy standards by a May 25th deadline. You may also know it as GDPR. It carries provisions that require businesses to protect the personal data and privacy of EU citizens. If a business has limited exposure to the EU market, not all of the provisions apply.

What must companies do to comply?
To comply with GDPR, things are going to be a lot more user-focused. Companies will need to get consent to collect and process user data. This means that they will need to be transparent in their initial privacy policy about what data is collected and how it’s used. They will also be required to set up a mechanism for deleting user data at regular intervals and at the user’s request. So if you want your Facebook account removed from existence, it’s going to be removed.

Data breaches are going to be taken a lot more seriously, and users are going to understand what is happening. A company that complies with the GDPR must report data breaches within 72 hours. And GDPR is going to be enforced, for real, with a Data Protection Officer that will be monitoring compliance with GDPR. If you’re curious to learn more, check out the full guide from the EU Information Commissioner’s Office (ICO).

What Companies Does this Affect?
The GDPR does not affect everyone; however, we have compiled a simple list to help you tell whether it will apply to you. It applies if you:
- Have a presence in an EU country, and target EU citizens
- Don’t have a presence, but process the personal data of EU residents
- Target EU citizens with marketing campaigns
- Have more than 250 employees
- Have fewer than 250 employees, but your data processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data

What is Tallwave’s Position?
We firmly believe that brands should consult with their legal counsel to determine their individual need to comply with GDPR, as our information does not cover all contingencies. However, if you do business in the EU, then you should strongly consider updating your internal processes to be more transparent about the data that you collect about your customers (even sales information like name, email, physical address, and IP address), especially since we are well past the deadline.

According to our understanding of the law, GDPR kicks in when a business intentionally targets an EU citizen. In other words, if you run an ad that specifically targets an EU market, then it’s an indication you intend to collect data and do business with EU citizens. If you’re just running an ad and an EU citizen stumbles upon it, GDPR doesn’t apply to you.

The law is complicated here, but actions like running advertising in a target country’s language, accepting European currency, or owning a European country domain name like .fr are all clear indications that a firm is intentionally conducting business with EU citizens.

What should the next steps be?
We know that the GDPR is going to be strictly enforced, so it’s time to determine your business’s exposure to the EU market and EU citizens. You can review your privacy policies with your legal team and update them to reflect how you use customer data.

You’ll also need to review any interaction on the website where user data is collected via web forms or whitepaper downloads. It’s important to know, though, that third-party data collectors like Google Analytics have their own compliance to work through and will not affect your compliance.

Information Commissioner’s Office
European Commission