By now, you have probably heard about the General Data Protection Regulation (GDPR for short) that took effect throughout the European Union on May 25, 2018. The regulation, which is designed to protect consumer privacy in the EU, has led to questions from small businesses operating in the U.S. about whether they should start preparing for consumer privacy laws.
Notably, the GDPR law is designed to protect European consumers from companies using their personal information without consent, including for marketing purposes. The idea is that consumers must be given the opportunity to willingly submit their personal information in exchange for using a website or service that collects data.
This regulation has created concern for companies doing business in the U.S. about whether they will need to make adjustments to how they collect data about their customers. Most small businesses that serve local customers are not there yet, but we want to give you information on how the regulation could take shape in the U.S. in the years to come.
Does Your Small Business Need to Worry Right Now?
We recently picked the brain of marketing industry expert Joe Youngblood about GDPR to find out how American small businesses should be thinking about the new European regulation.
First, Joe explained that GDPR was mostly put in place to regulate larger American companies like Facebook and Google — plus popular email marketing channels such as MailChimp — that gather data from users in Europe. These companies reacted appropriately and applied the rules and regulations to their business practices.
However, many smaller American-based companies over-reacted to GDPR and implemented unnecessary new policies that do not apply to their business because their customer base does not extend beyond the U.S.
Only companies that collect or use data from EU residents need to worry about this regulation. If that applies to your business, then you will need to make changes, but most small businesses in America do not handle data from EU residents.
It is important to also keep in mind that GDPR is location-based, not citizenship based. You can collect data from EU citizens if they are currently in the U.S., but you cannot collect data from Americans living in the EU.
A1 Remember #GDPR isn’t citizenship-based, but location-based. Collecting data on an EU citizen living in the US wouldn’t trigger it, but collecting data on a US citizen living in the EU would. https://t.co/TyKx9vAtuq #vcbuzz
— Kerry O’Shea Gorgone (@KerryGorgone) September 18, 2018
How To Prepare Your Business for a GDPR Equivalent in the U.S.
Right now, small businesses operating in America that market to American consumers do not need to worry about GDPR. However, data privacy laws are starting to take shape in the United States that business owners should be aware of.
California recently passed The California Privacy Act that has similarities to GDPR. The new law states that California residents have the right to know what personal data has been collected from them and why it was collected.
According to Joe Youngblood, there is a lot of uncertainty about which states will follow the lead of California, but there will likely be protections placed on consumer data to ensure that it is no longer open season for businesses to collect data without consent.
What This Legislation Means for Business Marketing
In the coming years, small businesses will need to be more respectful when handling consumer data to deliver targeted marketing messages to customers.
Remember, today’s younger users of technology and social media will be tomorrow’s customers. And, they will expect to have their privacy respected.
“Business owners should know that younger users are more and more conscious about their privacy than ever before,” says Joe Youngblood. “They often use anonymous apps such as Yik Yak, Whisper, and Snapchat to keep their lives private, while still having the option to share what they choose. This trend in privacy should not be ignored by business owners.”
When considering what action to take right now, you can be proactive by acknowledging the collection of data on your website, but you do not need to over-reach by implementing GDPR collection practices. The bottom line is that this is a new era for data privacy and we have to adapt to the consumer.
If you would like to further discuss the GDPR implications for U.S. businesses or how you can appropriately build your email marketing lists using consumer data, contact the Marketing Refresh team today! We appreciate the opportunity to discuss the present and future issues related to your business.