If you've checked your email recently (and we're willing to bet you have), this probably looks very familiar:
So what is it? Canadians will probably liken it to Canada's Anti-Spam Legislation (CASL), which was all the rage a couple of years ago. The GDPR, however, is quite different. While CASL governs the way organizations can send electronic messages, the GDPR doesn't deal with spam, but with the collection, storage, and use of Personally Identifiable Information (PII), which is "any data that can be used to identify a specific individual." And the possible fines for non-compliance are pretty hefty.
If your organization uses a mailing list, sells any services or products online, or even has a website that uses Google Analytics, for example, you've probably been paying attention to the GDPR roll-out and wondering whether it affects how you collect, store, and use all kinds of personal user data. The barrage of emails from tools like MailChimp asking "Are you ready for the GDPR?" may have even been causing you night terrors. (We can relate.) The short answer is, yes, it does affect you, even if you don't operate primarily in Europe. But there's no need to panic just yet.
Despite early reports of major companies like Facebook and Google getting hit with multi-billion-dollar lawsuits on day one (yikes), the general consensus is that most companies, even in the EU, are unprepared for compliance and there's a fair bit of uncertainty around how the new regulation will actually be enforced. If you have relatively few website visitors or customers from the EU, there's even less reason to simply admit defeat and microwave all your hard drives.
All that being said, you should be paying attention and thinking about how you can update your privacy and data collection processes to keep up to date with evolving standards and expectations from the public. It's a very realistic possibility that these new rules are on their way to becoming the global standard. Plus, all those tools you use, from Google Analytics to MailChimp, will be making changes that will affect you.
Disclaimer before we continue: BookNet Canada has zero legal expertise in relation to the GDPR and we're not responsible for any actions you take as a result of reading this blog post. For actual legal advice, consult a lawyer!
So what should you be doing? Here are a few steps you can take to ease your GDPR anxiety:
- Lots of people have already written easy-to-read guides to the GDPR, even for businesses in Canada, so we won't repeat it all here. (And we do NOT recommend trying to read the regulation itself.) Read this to get a better understanding of what's happening and what's expected of you.
- Take stock of all the ways your organization collects data, including everything from people making purchases on your website to someone giving you their email address while registering for an event.
- Check with all the third-party services you use to collect data, like Google Analytics and MailChimp. They will probably have some documentation you can read about how they're handling GDPR. Review your agreements and settings with each one.
We can't promise to ease all your GDPR woes with this information, but it's a place to start. At the end of the day, remember that the regulation's intent is to make it easier for people to control who gets their data and what happens to it, which is an idea we can all get behind, fines or no fines.