Europe’s landmark privacy regulation, GDPR, celebrates its first anniversary on May 25. Established to give Europeans more control over their personal data, the regulation has had a much more expansive reach due in part to the open nature of the Internet.
In its infancy, many wondered if the sweeping changes could be effectively implemented or enforced, and many debated whether the EU was building a wall between itself and the rest of the connected world. The conjecture was that many businesses outside of the EU would cease offering their services to EU member states rather than to spend the money and risk the fines associated with GDPR compliance. In some cases, this did happen with numerous companies attempting to block EU based IPs from visiting their websites and even shuttering their European operations altogether.
Such attempts to bifurcate services in order to avoid the burden of compliance have largely proven futile. One year later, it’s clear that GDPR is undoubtedly the new reality and has become the gold-standard of privacy regulation globally. According to research conducted by the International Association of Privacy Professionals, over 144,000 individual complaints have been received by EU data protection authorities, along with over 89,000 data breach notifications. Companies have also worked hard to comply, with 500,000 organizations estimated to have registered Data Protection Officers.
GDPR around the world
Thanks to GDPR and the attention it has received, individuals have a better understanding of the importance of protecting their personal data and their rights associated with that data. As a result, other countries are modeling their own privacy laws after GDPR, including in the U.S. where the rapid introduction of, and support for state and federal privacy laws is at an all time high. California has already passed one of the strictest state regulations, the California Consumer Privacy Act (CCPA), which brands will need to be ready for in just a few months. With enforcement set to begin January 2020, CCPA establishes a fundamental shift in the marriage between privacy and personalization. Brazil, Japan, South Korea, and India are just a few of the other countries seeking to protect the privacy of their citizens by creating or updating their own data privacy regulations.
Do we need laws to protect our privacy?
While a customer’s data privacy may seem like a fundamental right, it’s not so cut and dry. Dedication to protecting one’s online privacy was once just a talking point to earn business. The conversation has shifted from lip service to actual, demonstrable privacy protection. Historically the line was blurred in not only how a company sought permission to access data, but also in how that data was used and whether or not it was sold (with or without the customer’s permission). While it’s imperative for businesses to understand their customers, it’s equally important that customer insights are achieved through an honest and transparent process.
The shift in methodology from data collection being a free-for-all to one built on trust is necessary for today’s business environment. When a company takes thoughtful consideration to how they earn consent and how to collect and use the data, they are saying that the customer experience matters. A customer’s trust in your business matters. When you take meaningful steps to gain customer insights through a transparent and iterative process, you are providing a better experience and building a customer’s trust.
Companies shouldn’t seek to comply with privacy laws solely because they are, or are about to become, the law. Brands should recognize the mutual benefit of respecting their customers’ choices and desires as they relate to privacy and their relationship with the brand. By endeavoring to truly understand what the customer needs, businesses can provide personalized service without compromising privacy. When the focus is taken off of the data and shifted onto the customer, a deep level of trust is established between the customer and the business.