What are data privacy laws?
Data privacy laws prohibit the misuse of information that is gathered about individuals. Laws may vary by country, but if your business extends into other countries, you can potentially be taken to task for some of their regulations. For example, if you’re a US company that sells products to or collects data from EU citizens, or provides data to companies in the EU, you might be affected by the General Data Protection Regulation. The General Data Protection Regulation (GDPR for short) is a set of EU regulations taking effect on May 25, 2018.
The GDPR covers a myriad of topics: the responsibility and accountability of those who gather information, how companies handle data breaches, and how data should be provided to individuals at their request.
As a result of these regulations, companies need to come up with a plan to balance the needs of the business and the needs of the user. Even if the company is based in the US, that business can have users abroad, so it’s best to take these regulations into account.
Why should you care?
Protecting the interests of your users is always a sound business strategy. Look at it this way: when someone asks for their information, it’s not a personal attack on your company—they want to ensure that the information that you have is accurate. Users who go out of their way to request information are usually tech-savvy individuals, and having a plan in place for when a user requests information shows that you have their best interests in mind.
Accountability for your users’ data also means that you should be transparent when there are problems such as a data breach. Getting ahead of things and communicating to your users when there are such problems can prevent further headaches—requests for information usually increase when there is outside press.
Companies that fail to comply with these new regulations could face fines. The French Data Protection Agency recently fined Google €100,000 for not scrubbing web search results enough in response to a European privacy ruling.
The GDPR carries even steeper fines, and it requires you to respond to a request within a month’s time and to provide the data in a portable format (such as XML). Breaches of some provisions could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater amount. Just to put that into perspective, Google had revenue of $74.54 billion in 2015; if they were found to be in violation of some of these provisions, they could be facing fines of up to $2.9 billion.
How do I come up with a plan?
There are a few points to keep in mind when you’re coming up with a plan to better serve your clients’ information needs:
- What information are you collecting about your users?
- Where is this information stored?
- How is that information being used?
- How are we going to get this information to a user in a timely fashion in a format that they can easily read?
Tracking down all of that information can be daunting, as it could be fragmented throughout your CRM, analytics, and random databases. If you’re using a CMS such as Sitecore, finding your user data becomes an easier mountain to climb.
Sitecore’s xDB lets you collect all of that data in one central place, using a NoSQL database. From analytics to personalization, it can be your one-stop shop for all your users’ data.
Sitecore xDB allows for a 360° view of all of your customer interactions, and it tracks each individual customer. This is extremely valuable once you associate a user profile to an individual browser session. The data is stored for as long as you want and allows you to configure how long between requests for consent. This provides you with the flexibility to respond to requests for data efficiently and effectively.
The platform is extremely flexible, allowing your organization to tailor it to your specific needs through custom development efforts and third-party integrations.
Additionally, Sitecore announced xConnect in 2016. This is Sitecore’s API for exchanging data with the xDB. Scheduled for release with Sitecore 8.3, it looks to be a promising tool for gathering data from all of your third-party applications and putting it in one central repository.
Clients are concerned that they’re going to be caught between a rock and a hard place when data regulations come knocking. May 2018 is right around the corner, but as long as your organization can take the appropriate steps to plan for these regulations, you can know that you’re taking steps to make your users feel safe.
European Union Reference Site: http://www.eugdpr.org/
Google Compliance Help: https://support.google.com/work/answer/6056694?hl=en
Sitecore Experience Profile: https://www.sitecore.net/products/sitecore-experience-platform/customer-intelligence/customer-profiling.aspx