May 25th was when the GDPR, the General Data Protection Regulation, came into force in the European Union. If you and your suppliers are not GDPR compliant then you could be facing a crushing fine from European regulators.
Your company does not have to have a physical presence in the EU for this to have serious implications for you. If there is a chance that your marketing efforts could touch EU citizens, then you need to be aware of the implications, and take steps to mitigate any potential issues.
What is GDPR?
The GDPR brought in sweeping changes in Europe with respect to the way businesses, companies and organizations use personal data belonging to European citizens. Essentially, the new regulation is designed to protect individuals, giving people more understanding of how businesses are using their data, and giving them more control over the data that businesses may hold about them.
Those in breach of the new regulations could be facing fines of up to €20 million, or 4% of a firm’s global turnover (whichever is greater).
Non-EU companies, when offering their services to customers in the EU, will have to apply the same rules as EU companies, thus creating a level playing field. This guarantees personal data protection, regardless of where data is stored, processed or sent – including outside the EU, as is often the case on the Internet. You can find out more about the new laws on the European Commission website.
As a company that operates in both the United States and Europe, we are very aware of what we need to be doing to help our customers, and we’ve been making rigorous preparations for GDPR for some time.
Your call tracking supplier may claim GDPR compliance, but are they?
Some call tracking providers are claiming that it’s business as usual for them, but are you sure they are not simply ignoring the new regulations, or have not just missed something crucial? From what we have seen so far, it does not seem like many of our competitors are doing enough. You cannot afford to take the risk!
As a data processor (on your behalf), your call tracking provider is responsible for taking many of the necessary actions to support the changes and meet the standards of the GDPR, and to ensure that they don’t get you into hot water. However, you are responsible for checking the actions (or inactions) of your suppliers.
Steps ResponseTap has taken
GDPR is about being sensible and considered in decisions with respect to the data you collect and how you use it. In order to help with these considerations, ResponseTap has elected to provide different configurations of our data collection to fit in with the various needs of our customers. This gives them more control over the levels of personal data being gathered, processed and stored.
As an example, for European data subjects, a controller needs to consider whether the purpose of the processing can be achieved using less personal data, e.g. do you need personal data to work out if a marketing campaign is successful, or what ROI is being produced? At ResponseTap we believe that this is not always the case, so we give you control over which settings you apply to your account. You can decide whether you want to see personal data alongside your campaign data or not, and even split your decision based on geography, i.e. show me everything you can about a US citizen, but anonymize this data if a European data subject may be involved. Clearly, this flexibility will take away a lot of the worry when dealing with European customers.
Additionally, we have considered and found solutions for a range of other important components of GDPR, such as:
- Redacting, removing or obfuscating personal data, so that personal data is not stored when it is not required (data minimization) and employing compliant data security standards
- The ability for users to manage consent, whether this is to gain explicit consent before processing data, or to revoke consent if the data is being processed under a legitimate interest or other legal basis
- The right to be forgotten and data access requests from the data subject
- Access to the personal data in our platform, and any data shared with third party solutions that you may ask us to integrate with
- Where the data is processed and stored. Data stored or processed outside of the EU will likely reduce the options available to legally process the data
- The need to have a compliant contract between the processor and the controller detailing how all personal data will be processed
Does your current provider give you this same level of control?
Talk to us about GDPR and learn more about the steps we have taken to help our customers avoid any nasty shocks.
This blog post is for general information purposes only. Any opinions expressed here are opinions only and any information should not be interpreted as advice and should not be relied upon. You should obtain independent legal advice in respect of the way in which the GDPR applies to your business and how you process personal data. We make no representations or warranties of any kind, express or implied, about the information set out in this blog post. Any reliance you place on such information is therefore at your own risk. In no event will we be liable for any loss or damage of whatever nature arising from any reliance on such information.