GDPR Is Coming: Are You Ready?
In the tech channel, we often live by acronyms. You may have heard of the most recent one, GDPR. As a channel partner, I urge you, don’t brush this one aside–especially if you are communicating to prospects and customers in the European Union. If you ignore it, it can potentially cost you.
The EU General Data Protection Regulation (GDPR) is a set of strict new data privacy regulations aiming to protect the personal data of employees, applicants, customers, suppliers, and partners who are citizens of European Union (EU) countries. More specifically, EU residents are being granted the right to access their personal data, correct errors or erase information, limit processing, and request an export of their data from companies. This means companies will have increased responsibilities concerning data protection and privacy in regards to policy, processes, and security measures.
And, companies cannot just plead ignorance in skirting these new rules, as non-compliance will result in hefty fines.
The GDPR was approved and adopted by the EU Parliament in April 2016, and is undoubtedly the most important change in data regulation in 20 years. If you think I’m joking, look at the non-compliance fines of up to 4% of an enterprise’s annual global turnover or €20 million, whichever is greater. This is the maximum fine that can be imposed, with a tiered approach to fines for other infringements. These regulations will be enforced beginning May 25, 2018.
While the regulation has an enormous impact on multinational companies like SAP, even small companies not based in the EU still have the potential to be affected. If you process the personal data of customers, prospects, employees, suppliers, or end users residing in Spain, Germany, Italy, or any other EU country, then you are responsible for abiding by this new regulation.
Now, if May seems far away, it’s not. You can start by taking action now to fully understand the impact and what you may need to tweak in your communications strategy. With proper preparation GDPR can serve as an opportunity for better targeting, improved marketing ROI, and for boosting trust in your brand. Let’s look at some key points and tips to review on your journey.
- If you haven’t done so already, ask what steps your vendors are taking to ensure compliance, especially those that provide contact lists for marketing campaigns or social selling.
- Identify any risks or vulnerabilities in processing and controlling data, confirming an appropriate consent. (For sensitive personal data, explicit consent is required; unambiguous consent applies for non-sensitive data.)
- Evaluate your current business systems and determine if will you need to establish comprehensive programs that are well integrated with existing business applications and audit compliance tools. This may be an opportunity for upgrading to marketing automation tools for greater effectiveness and long-term cost efficiency.
- Understand what constitutes personal data, such as names, photos, email addresses, bank details, posts on social networking websites, medical information, or a computer IP address; remember, it does not have to directly identify a person to be non-compliant.
- And, most importantly, check with your legal counsel to implement governance and secure all appropriate measures before the deadline to avoid financial and legal risks!
Since these privacy regulations will apply to all companies that process the data of EU citizens, regardless of where these companies are located, GDPR may impact the way you and your marketing teams communicate and create touch points with your customers.
At SAP, in addition to preparing our own in-house data privacy operations, we’re doing everything possible to help our partners and customers be GDPR-compliant. With compliance as a top priority, we’ve provided substantial background and information available at SAP.com/GDPR.
Though the solutions in our portfolio cannot guarantee compliance, they can certainly help. As part of our GDPR-ready stack, SAP offers partners and customers Process Control (PC); a wide range of integrated data management and governance, risk, and compliance (GRC) solutions; and Customer Relationship Management (CRM) solutions to track and manage consent requests, aiming to help satisfy the IT fundamentals. Our goal is to give companies the information and tools they need to help satisfy the IT component so they can focus on getting the right people and processes in place.
This is a time to not only ensure that your own systems are compliant, but also to capitalize on the opportunity to help your customers. You need to act today to safeguard against any possible violations.
Want to know more? Check out this FAQ from EUGDPR.org for additional information related to GDPR.
This guest blog is part of a Channel Futures sponsorship.