Does The General Data Protection Regulation (GDPR) Affect NZ Businesses?
Does The General Data Protection Regulation (GDPR) Affect NZ Businesses?
GDPR stands for 'General Data Protection Regulation'. It's a new European law to do with the management of how businesses process and handle data, and it takes effect on May 25th this year.
Here's a link to the GDPR regulatory body >
The question is - will GDPR impact your business here in NZ?
Well, initially it's not going to be too major, because it's only being rolled out in the EU. However, if for example, you have an email database that includes subscribers that live in the EU, then you'll need to comply for those subscribers. Or if you have a website in the EU, and advertising to people in the EU, then you'll definitely need that website to comply.
So if it's a "yes" to either of the above, then you'll need to make sure you understand the requirements and check to see that you're playing by the rules.
If you don't have a website in the EU, but you have some people on your database that live there and that you send newsletters to, and you're using popular email marketing tools like Campaign Monitor, AWeber or MailChimp, then the chances are you're probably already doing many of the things that are required by this new law anyway, so you won't need to worry too much, but best to be sure.
What is the GDPR law exactly?
These days we now create huge amounts of digital information each day, with websites, mobile phones and smart watches all collecting data that could identify us. Most people have no idea it's even happening, but companies like Google and Facebook are tracking so much information about you it's incredible! John Key even came out a few years ago and said these companies know more about all of us than the Government Communications Security Bureau (GCSB) do, (which he was Minister of at the time).
Below is an example that shows you a website that had 38 trackers loaded! That's a lot of different 3rd parties collecting your data from your browser as you surf around the internet and visit websites, you are likely to have no idea!
So a few important people* in the EU got together and developed a new privacy law. This has been put into place to make sure that customers privacy is kept protected, and that businesses are held more accountable for data breaches.
* There were no Russians, and Donald Trump was unaware that this was even happening.
Companies will have to show where customers data is going, how it will be protected and what it will be used for. Personal data will also now include a customer’s IP address. It includes data like social media profiles, your physical location, and interests - which can affect advertising from Google AdWords, Facebook ads, programmatic advertising or any other form of online pay per click marketing.
If companies do not comply with the new law, then they will be fined a huge amount of $$$.
5 key points that companies need to understand:
Customers have the right to be informed: the right to ask you about their personal data, how it is used, and why it is being used at any time.
Customers have the right of access: customers can request a copy of personal information at any time.
Right of rectification: people can update (or request updates to) personal information at any time.
Right of erasure: people may request that you erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
Right to object: people can unsubscribe at any time from emails or communications.
Is this a good thing?
The key objective is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world. So all data which a company collects will have to have been given consent by the customer.
People have pretty much had enough of their privacy being breached. They see advertisers sending them emails or showing them ads and they can't work out how they got their email address, or why they are seeing ads on a website they've just been on, or how that company even knows their home address.
Most people who setup ad blockers are not really doing it to block ads, they are doing it to block their data being collected. We think people have realised that companies are taking their data, sometimes it's being sold to other companies without their consent, or they are continually tracking you and serving ads or sending you things without your permission. The EU have decided to put this new law in place to protect people's privacy a lot more.
What are the key things you will need to do?
All data which you use for marketing will need consent from the customer. You will need to know when the consent was given and understand that this consent will not last forever. This needs to be regularly updated, and can be done by sending an email out asking if they still want to be part of the mailing list.
Customers have to ‘opt-in’ to a mailing list. Many marketers already have that button pre-selected and the customer would have to un-tick the box. Whereas this will have to be changed for the new law.
Customers are able to use the ‘right to be forgotten’ rule. This allows the customers to demand that their data must be erased. This then means that the data held by your company and any third parties who you have passed it onto must have that contact's data removed.
You will need to keep a record of your updated customers list, how they opted in and what date they did this. As at any given time you may be requested to show this information.
Checklist:
Run a "re-permission" email campaign for current EU-based email contacts
Make sure you activate an "opt-in" button
Make sure the cookies are on opt-in before you start to use them for that contact
Create a well thought out system to ensure you collect the right data for when new contacts opt-in to the contact list.
Will this law come to New Zealand?
It could take quite a while to come to NZ, but who knows! We often follow in the footsteps of Australia (apart from ball tampering), so if they implement something similar then no doubt we'll quickly follow.
So, for now, you don't need to be too alarmed, but you should definitely pay attention, as it might be coming to New Zealand sooner than we think, so you may as well start considering the steps your business will need to take and be a step ahead of the rest!