Nathan Sykes
March 19, 2018

How Will GDPR Affect US Marketers?

What US-Based Businesses Need To Know About GDPR

Have you heard of GDPR? Well, if your business holds any data on residents of European Union countries, you had better start reading soon. You are affected and must take steps to be compliant.

What Marketers Need to Know

Let’s start with the key points before going into any details.

Here are some high-level bullet points:

  • Transparency is key when it comes to data collection and usage
  • For more unconventional means of data collection, such as voice recognition technologies, the need for transparency might even be greater
  • Companies should give customers data usage options that combine personalization and privacy to various degrees
  • U.S. marketers who deal with EU customers will have to provide specific instructions to consumers on how to give consent to their data being used
  • The financial and medical industries will be the most scrutinized since the data collected in those sectors are deemed extremely sensitive
  • U.S. businesses will have 72 hours to report data breaches to a regulator or must pay a fine equaling 2% of their global revenue
  • Not complying could significantly impact a business’s bottom line

What US-Based Businesses Need To Know About GDPR

May 25th marks the deadline for General Data Protection Regulation (GDPR) compliance. From that date, any companies processing personal data of European residents need to comply with GDPR’s new standard for consumer data rights. Failure to do so puts them (and perhaps you?) at risk of stiff penalties.

In response to GDPR, many businesses are wasting no time changing policies and infrastructure to ensure compliance. In addition to GDPR compliance being mandatory for all 28 EU member states, its impact on U.S. businesses and marketers is notable.

According to an Ovum report, 85% of American companies view themselves at a disadvantage to European companies regarding GDPR compliance. Most U.S. marketing companies process the personal data of European residents visiting their websites and browsing their products. Even if a business’ market is predominantly not in Europe, GDPR compliance is necessary.

Marketing and consumer data go hand-in-hand, helping marketers optimize their time and resources through increased personalization and a firm grasp of market trends. As a result, GDPR’s effect on the handling of consumer data will have a major impact on U.S. companies and their data strategies.

Call for Greater Transparency

U.S. marketers are embracing greater transparency in telling users what data they have and how they use that data. For example, Google lets users switch on and off certain data tracking, such as videos watched, location and search history.

Google CMO Lorraine Twohill regards greater transparency with customer data as good business sense. All the more so with the looming GDPR compliance deadline. Many U.S. businesses remain unsure of how and if they will be fined for specific infractions. Therefore, taking a practical approach to enabling more user control of data tracking is prudent.

The sheer publicity of GDPR will likely prompt U.S. and European users alike to ask questions of their social media platforms, email providers and general websites regarding what data they store and how they use that data. As a result, companies like Google that take a proactive approach are trying to stay ahead of the curve. For U.S. marketers, being transparent regarding data collection and usage is similarly practical.

Emerging Forms of Data Collection

As voice recognition technology continues to become more prevalent in areas like digital assistants, marketers have an interest in data collection for voice and video. While consumers may anticipate their browsing history on certain websites to be part of data collection, they may not be aware of marketers capturing voice data in data mapping efforts. As a result, it’s likely that U.S. marketers will include prominent disclaimers when collecting data – especially when it’s beyond conventional means.

GDPR will likely prompt more consumers to ask in detail about their data usage and which companies have access to that data, especially since the U.S. has lax data collection laws compared to the EU. GDPR may serve as a wake-up call to U.S. consumers regarding how stingy they should be with marketers collecting their data. In response, U.S. marketers should place visible emphasis on transparency.

Consumer Privacy Value Exchange

U.S. marketers will work to decide the proper threshold for a personalized experience against how much data users are willing to provide. Personalization is only possible with sophisticated data usage. However, some consumers may understandably be wary of sharing such data. As a result, giving users an option between personalization, privacy and somewhere in between is logical.

A user opt-in that results in a more personalized experience is akin to a value exchange. Provided users receive a better experience in exchange for their data, this may be construed by some as a win-win situation.

A Widespread — Though Not Entirely Comprehensive — Impact

GDPR will impact a large number of U.S. marketers, though not all of them need be concerned.

Specifically, if an English-language website is written for U.S. consumers or B2B customers, without referencing EU users and customers or providing a viable way for EU users to process payment, then GDPR does not apply.

However, marketers doing work for brands that aren’t too focused on geographical specificity should pay close attention to GDPR. For example, U.S.-based travel, software services, hospitality and eCommerce companies may express that they cater to a clientele beyond the U.S. in their online presence and approach.

As a result, U.S. companies need to pay close attention to the wording on their website. If they are catering solely to U.S. customers, then they are likely to strive hard to say as much. Restricting payments from users outside the U.S. is another logical method to remain outside of GDPR’s scope.

U.S. marketers who deal with EU customers must provide specific instruction to acquire consumer consent. Per the GDPR, this must be “freely given, specific, informed and unambiguous.” A company will have to clearly inform EU users what they are doing with their data. There may be no burying of details in a bunch of legalese in small text.

Whether a marketer is using data for email promotions or sharing with a third party, GDPR requires transparency in requesting permission from the user to collect and use that data in such a way. Fortunately, many marketers already follow existing data security standards like ISO 27001 and NIST. Compliance with either of these will make following the GDPR more of a continuation than something entirely new.

Data Sensitivity

The GDPR does not treat all data types as the same. Certainly, it makes sense that someone’s age is less sensitive than medical or financial data. Specifically, medical businesses like hospitals must take caution when choosing to use customer data in marketing efforts. GDPR views medical and financial information as very sensitive, as well it should.

Medical or financial information regarding children is particularly sensitive. This requires notification to an EU regulator or authority within 72 hours. Information that is high risk to property and privacy rights, such as an account password or credit card number, also requires notification.

Penalty Enforcement

U.S. marketers have numerous questions about how the EU will impose penalties on U.S. companies. Hefty fines seem certain.

If a U.S. business does not report a data breach to a regulator within 72 hours, it must pay 2% of global revenue.

Even corporations as large as Alphabet, Google’s corporate parent, are at risk of incurring GDPR fines of this level.

Not complying with GDPR can result in substantial fines and negative press, impacting a business’s bottom line significantly. U.S. marketers should show caution with GDPR looming.

Notifying customers of their data usage is a prudent response, as is providing them an option based on a privacy value exchange.

Certainly, some U.S. companies may have to adjust website wording, marketing, and data collection strategy. However, for those not leaving things to chance, their businesses will proceed without any adverse impact.

Over To You

Have you done anything to make your business GDPR compliant? Do you have any simple pointers you can impart to your fellow readers? Please leave them in the comments section, below.

Nathan Sykes enjoys new technologies and the ways in which they can be used to enhance business strategies. Follow him on Twitter to stay up to date with his latest articles.