We’ve recently seen privacy laws passed or making their way through the courts. Many internet users are petitioning for their right to privacy when it comes to how data is gathered and used online. This issue has only become more complicated as we become even more reliant on digital communication in every facet of life. For business owners, it can be concerning to consider how laws regarding personal information will affect your company and how you market to and reach consumers. You need to understand privacy laws if you want to know how they’ll affect your business and what you can do to comply and work with them.
The General Data Protection Regulation (GDPR) originated in the EU and began to be enforced in May 2018. It has changed the way businesses collect, store, and utilize data about their customers. However, few businesses understand precisely what this law means for their business, particularly those that are not part of the EU, but still cater to EU residents. Regardless of your type or size of business, it’s important that you’re informed on the GDPR.
The GDPR provides citizens of the EU and the European Economic Alliance (EEA) with more control over their personal data and requires that their data be securely protected. So, what is this personal data? According to the GDPR, it’s any information related to someone, like their name, address, medical information, IP address, online presence, and many other details related to their identity. There are various rights associated with the GDPR, but some impact businesses more than others.
Three of these rights that heavily relate to businesses and their efforts to reach consumers are: “the right to be forgotten,” “the right to be informed,” and “the right to object.” What does each of these rights mean? All three directly relate to businesses at various steps of marketing and the information gathering process. The right to object allows consumers to object to the use of their data for direct marketing; the right to be informed means users must be made aware before their data is gathered and they have to opt in; and the right to be forgotten means that if a consumer is no longer a customer, they can stop a company from continuing to use their personal data and have it deleted.
Businesses must comply with these requests if they’re servicing consumers in the EU.
Maybe you do not deal with consumers in the EU, but similar laws are being proposed and passed in other countries. In California, the California Consumer Privacy Act (CCPA) went into effect in January 2020 and applies to any company that conducts business in California and meets one of the three criteria associated with the law (revenue of $25 million or higher; receives information from over 50,000 consumers, households, or devices annually; or receives 50% or more of its revenue from selling consumers’ information). This law applies to online and physical businesses that sell to Californians.
If your business falls under the CCPA, the law requires that you disclose what information you’re collecting from consumers and how you’ll use it. You also need to give users the option to opt out of having their information sold and make it possible for them to view and delete that information.
Repercussions of these laws
Less than half of businesses that fall under the jurisdiction of these laws feel that they are compliant with them. What happens if a business directly goes against any of the regulations laid out in privacy laws? The consequences can be severe. For violating the GDPR, businesses may be fined up to $20 million or 4% of their worldwide turnover, whichever amount is greater. The penalty for violating the CCPA is up to $2,500 per violation (or $7,500 if it can be proved the violation was intentional). These consequences drive home the importance of understanding whether or not your business falls under either of these laws and what you should do if it does.
An ESET survey revealed just how confused businesses are with regard to the CCPA – 44.2% of businesses surveyed had never even heard of it! While most businesses are aware of the GDPR, many are not sure how to follow the regulations put in place or what it means for their marketing efforts.
If you’re wondering whether or not these laws apply to your business and how they will affect your marketing efforts, Wavelength can help you. Even if your business is not currently affected by online privacy laws, it’s likely that it will be at some point in the future. Reach out today to learn how to protect your company; visit our website or call Gary Peterson at: 717-823-6939.