If you’re having a hard time wrapping your head around the latest data and privacy regulations, you’re not alone.
There’s the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the newly introduced New York Privacy Act with more to follow. What are they and what do they mean for you and your customers? What do you need to know? What do you need to do? What are the implications if you don’t comply? The following are some general guidelines and tips to help answer these questions.
WHAT YOU NEED TO KNOW
If you’re running a loyalty program, you hold one of the most precious assets your company has: your customer relationships. Members provide their information to you not just to enjoy program benefits, but because they trust you. They trust you to use their data with their interest in mind. As a loyalty marketer, you play a critical role in your company’s relationship with customers. Therefore, in addition to ensuring you’re taking all the necessary steps to preserve and protect their data, your company at large needs to do the same or risk breaking your members’ trust, ruining its reputation and paying monstrous fines.
REGULATIONS AFFECTING AMERICAN BRANDS
The European Union’s GDPR went into effect just over a year ago. The regulation is intended to protect EU individuals, regardless of whether the brand doing business with them is in the EU. If you collect, store, use or share the data of an EU resident, your company is subject to the rules of GDPR. GDPR put in place strict rules requiring companies to disclose their intent and ask for explicit consent. Even though GDPR is an EU regulation, companies who fail to comply can be fined regardless of their location. Shortly after GDPR was implemented, California passed CCPA, which is scheduled to go into effect in January 2020. Most recently, New York’s Privacy Act was passed, with other states and the federal government considering similar legislation. Sources say that data privacy regulation, globally, will continue to increase over the next five years. Because of the many well-publicized breaches of data security, customers are quickly coming to demand government regulations to protect their privacy. This movement will continue to grow, as will the number and type of agencies acting as watchdogs.
Learning the Hard Way
GDPR was confusing and hard to decipher, particularly for many U.S. businesses who didn’t conduct business in the EU, leaving many unsure of their responsibility. But as noted above, the regulation places responsibility on the marketer to comply with the rules. Google learned this the hard way, being the first U.S. company fined for noncompliance. The French data protection authority fined Google approximately $57 million in January of this year for not properly disclosing to users how data is collected across its services to present personalized advertisements.
What Do I Need To Do?
All the regulations and legalese can be a lot to process; even figuring out where to start can be a challenge. The following is a quick guide to help you figure out what you need to do and where to direct your attention. (NOTE: These are general guidelines to give you a sense of what you need to do and why. Be sure to consult your legal team for specific counsel.)
- Define what data you’re collecting and what you’re doing with it.
Many companies collect customer data across different sources, sometimes without fully knowing what data they’re acquiring or why.
- More isn’t always better.
Simply put, don’t collect data you don’t need. If you don’t know how you will use the data, then you probably don’t need it.
- Assign someone to oversee data privacy.
These regulations can be complicated and some even require a Data Protection Officer.
- Collaborate with your vendors and partners.
Make sure you’re all on the same data privacy page. You may be responsible for your vendors’ and partners’ data protection practices if you own the relationship with the customer.
- Tell customers what you’re doing and why.
Being transparent with your customers is good for your relationship – it lets them know what you’re doing with their data and how they benefit by sharing it, which helps instill trust.
What If I Ignore These Privacy Policies?
Ignoring these policies and regulations won’t make them go away. Noncompliance could negatively impact your reputation and relationships with your customers. It may be possible to avoid the new procedures needed to comply with data privacy and policy regulations, but doing so carries inherent risks. The recent influx of data breaches in the news has made customers more savvy about their data. In addition to avoiding fines, it’s important to protect customer relationships. New data privacy policies and regulations offer loyalty marketers the opportunity to advocate for and protect their customers and their members – visibility and transparency show them they come first, even when you’re protecting your bottom line.
Review the data you’re collecting, talk to your company’s compliance officers, consider your brand’s reputation and communicate with your customers!
Once you’ve buttoned up your data privacy measures, it’s important to look at the data itself that you’re collecting.