On May 25, 2018, the European Union’s historic data reformation went into effect.
Better known as GDPR, the General Data Protection Regulation introduced new oversight into how businesses operating on EU soil needed to handle and protect consumer data. Although these policies didn’t immediately affect American citizens, the ripple effect could be felt across the entire digital landscape.
What does this mean for the future of your personal data? What does this mean for your business? What does this mean for our economy?
Let’s dig into this one piece at a time.
Trust in the Modern Era
“The digital future of Europe can only be built on trust,” said Andrus Ansip, vice-president for the Digital Single Market in December 2015, just after the EU came to an agreement on the basis of GDPR. “With solid common standards for data protection, people can be sure they are in control of their personal information.”
Ansip’s comments make (and made) plenty of sense. It’s likely, however, that his response was reactive rather than proactive. There’s also an argument to be made that the EU’s policy change, which was first proposed in January 2012, was too late.
91% of U.S. adults felt consumers had lost control over how their info is collected/used by companies, according to a report published by the Pew Research Center. In the same report, though more than half of participants acknowledged the benefits of personal data sharing, 61% of adults “disagreed” or “strongly disagreed” that providing personal data in order to access efficient services was a fair tradeoff.
Clearly, Americans are on the fence about where they stand on data privacy and its complex relationship with their modern lives. While consumers should certainly be aware of how their data is used, the burden of proper usage and protection falls squarely at the feet of the businesses with whom they interact.
“Your trust is at the core of our service.”
That was one of the quotes from Facebook COO Sheryl Sandberg immediately after the Cambridge Analytica scandal. Considering that Facebook has experienced two more data breaches since this statement, Sandberg’s words ring hollow.
Between 2017 and 2018, more than 644.13 million records were breached or exposed. The five highest-profile companies to suffer from these breaches were:
These are massive companies with vast resources to devote to consumer protection. And yet you could likely list off at least three of these scandals without much effort. The companies listed above, along with thousands of others, have been compromised. But it’s not just because of their failure to protect your data.
They’ve failed because they’ve broken your trust.
Do You Trust Me?
Whether they know it or not, this is a question people ask and answer subconsciously, every day, in every interaction. It’s often a gut reaction based on a variety of factors. In the world of business, many of those factors revolve around actions and reputation.
While we don’t operate on European soil, the people who make up NetLine take your trust and your data seriously. With this in mind, along with our desire to always be ahead of the curve in protecting our clients and their customers, NetLine became GDPR compliant. It’s also why we became Privacy Shield Certified, leaned in on Brand Safety, and are more than ready for the California Consumer Privacy Act (CCPA).
We’ve tried to document our journey to modern privacy compliance so that your prospects are protected and so other B2B businesses can follow the same path.
The 4 New Rules of Data Compliance
To be a thriving B2B business in 2020 and beyond, gaining the trust of your customers and prospects is a must. With this in mind, let’s review the modern rules of consumer data and how your business should navigate these new obstacles.
1. Collect and Use Only What You Need
In light of the Cambridge Analytica scandal, Facebook has been conducting an investigation into millions of apps on its platform. According to Facebook’s blog, the company has since suspended tens of thousands of apps for a variety of reasons. Its users, however, have no idea what these apps may have gleaned from their accounts while Facebook turned a blind eye.
As tech author and podcaster Mitch Joel shared in a recent interview, “I feel like we’re just skimming the surface of all this stuff we click on, like, share, add, and do, and suddenly these third-party apps come in and take a lot of our information … Who knows where your data goes—only the shadow knows.”
Call me crazy, but that shadow sounds scary.
One of the things that separates NetLine from our competitors is that we use an 18-point professional profile. While this might seem like a good bit of data, there are a few things to keep in mind:
- Any of the data we collect is upfront and isn’t snatched away from you behind the scenes.
- Some of this information is pre-populated based on your IP address and company email or any other information you’ve shared with us previously.
The long and short of it is that we only ask for data we need to make the experience worthwhile for every party involved. While NetLine is in the data collection business, we’re only focused on the data that is absolutely necessary, first-party provided, and fully permissioned to provide qualified leads to our clients.
If your B2B business is collecting customer information that’s irrelevant to your line of work just because you can, the only thing you’re doing is adding to your risk without any chance of reward. Don’t jeopardize your good standing with your customers and/or the future of your business for a few more megabytes.
You wouldn’t want to be part of the shadows now, would you?
2. Don’t Sell Customer Data
How many times have you received information from a company you’ve never interacted with?
There’s perhaps no greater turnoff for prospects than an unsolicited message from a company. This may have worked wonders in the mid-20th century, but modern marketing has left this practice in the dust. Still, plenty of businesses buy data lists with the intention of reaching out to consumers completely out of the blue.
Unless you’re completely transparent about how your customers’ data will be shared with outside companies, you have no business selling it to a third party. Even then, it’s likely that the motives and the means through which this data was obtained were murky at best. Do your business a favor and keep your customers’ data to yourself.
NetLine’s privacy policy, for example, spells out how we conduct ourselves: “NetLine is the sole owner of the information collected on this site. We will not sell, share, or rent this information to others in ways different from what is disclosed in this statement.”
Under the Client e-Marketing Campaigns section, we disclose the circumstances under which data is revealed (shared). Even in this section, however, we reiterate our point of view: “Confidentiality of the client list is a top priority.”
Anytime you need information from a customer, be sure that you’re clear on how and where it will be used. Restate the benefit(s) they’ll receive by providing this data and be sure you’re not leaving anything…in the shadows.
The E.U., Canada, California, Nevada, New York, and Maine have or will soon have separate privacy laws. Read them and decide if and how you’re going to comply with them. #CMWorld
— Ruth B. Carter | Lawyer, Speaker, Author, Geek (@rbcarter) October 15, 2019
3. Make Sure Consumer Data is Secure
The idea behind GDPR was that one, singular authority of regulation would ensure “data protection by design” across new products and services. This is what also inspired California to create CCPA in order to give consumers confidence that their data would be handled with care.
To accomplish this, techniques like pseudonymization (a process that disassociates data from a specific individual by replacing the identifying values with one or more pseudonyms) have been introduced to help businesses achieve new compliance standards.
These are the types of initiatives businesses must remain aware of in order to benefit from collecting and analyzing personal data while keeping the privacy of their customers protected at the same time. Although some groups have argued that this practice is too little, too late (given the number of internet-connected devices), pseudonymization is a step in the right direction.
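The pseudonymization described above, as an added example rather than code from NetLine: it assumes keyed HMAC-SHA256 as the pseudonym function and also drops fields the analysis does not need, in line with rule 1. The field names, sample leads and demo keys are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo keys. In practice the key is the "additional information"
# that must be stored apart from the pseudonymized dataset (e.g. in a KMS).
KEY = b"constructed-demo-key-keep-outside-the-dataset"
OTHER_KEY = b"constructed-demo-key-of-a-different-system"

# Hypothetical field names; only these survive into the analytics copy.
ANALYTICS_FIELDS = {"job_level", "industry", "company_size"}

# Constructed sample leads; the first two are the same person typed differently.
SAMPLE_LEADS = [
    {"email": "Ana.Ruiz@example.com", "name": "Ana Ruiz", "phone": "555-0100",
     "job_level": "Director", "industry": "Software", "company_size": "201-500"},
    {"email": " ana.ruiz@example.com ", "name": "Ana Ruiz", "phone": "555-0100",
     "job_level": "Director", "industry": "Software", "company_size": "201-500"},
    {"email": "li.wei@example.org", "name": "Li Wei", "phone": "555-0101",
     "job_level": "Manager", "industry": "Retail", "company_size": "51-200"},
]


def pseudonym(identifier: str, key: bytes) -> str:
    """Stable pseudonym for one key; cannot be recomputed without that key."""
    normalized = identifier.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:32]


def pseudonymize(record: dict, key: bytes) -> dict:
    """Keep only the needed fields and swap the email for a pseudonym."""
    out = {k: v for k, v in record.items() if k in ANALYTICS_FIELDS}
    out["subject_id"] = pseudonym(record["email"], key)
    return out


def reidentify(subject_id: str, candidates: list, key: bytes):
    """Link a pseudonym back to a known email; only works for the key holder."""
    for email in candidates:
        if hmac.compare_digest(pseudonym(email, key), subject_id):
            return email.strip().lower()
    return None


if __name__ == "__main__":
    for lead in SAMPLE_LEADS:
        print(pseudonymize(lead, KEY))
```

An unkeyed hash of the email would not be enough here, because anyone holding a list of candidate addresses could recompute it; the separately stored key is what keeps the analytics copy from being re-linked by whoever obtains it.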
4. Keep Your Employees Up-to-Date
With all of these new regulations and standards of compliance for businesses, your employees play a key role in safeguarding your company and its consumer data.
As simple as it may seem, the first step is making sure that everyone understands strong passwords matter (you’re welcome, IT team 😉). While it would be convenient to have one password for every work-related login, it’s simply not safe.
For example, NetLine needed to make sure each of its employees understood their role in keeping consumers and the company secure. Our technology team reviewed basic data policies and how they had been augmented to add additional protections, how password requirements had been elevated, and how data should be handled if it needs to be shared.
Despite the fact that each new employee adds an additional degree of complexity to your data protocols, each team member wants to be part of the solution. By getting your employees to participate, you’re not only doing what’s necessary to become compliant, but you’re also involving them in the future of the business.
Adjust to Trust
Ultimately, you want to be seen as trustworthy in the eyes of your customers, employees, and the governing bodies of the new, privacy-focused frontier.
To do this, follow the steps required to become compliant under GDPR, Privacy Shield, or CCPA. Beyond this, be upfront with your customers about where their data is, what it’s used for, and how you’ve secured it. Talk with them about how you can improve and which companies they trust most.
Getting this right is an ever-evolving process that will never be complete. The willingness to adjust and be ahead of the curve to keep customers safe is something your customers will respect. Hopefully, it will lead them to advocate for you and share how you go above and beyond to protect them.
So long as you keep your data policies out in the open, you’ll stay out of the shadows.