One size fits all does not apply to GDPR. While the legislators appear to have covered every element of the individual’s privacy rights, there are many ways to customize GDPR to your industry and your corporate culture.
Before you rush off and start changing your technology and systems around data capture, management and processing, you must first decide on which legal basis you plan to collect and process personal data. GDPR sets out six such bases, with three available to private businesses. Your choice of legal basis will determine what needs to change in your approach to European data.
GDPR may not be as daunting as you think.
Having said that, compliance is the smart strategy to manage business risks. The fines can be huge (up to 4% of your gross annual revenues), so the risks must at least be reviewed for your circumstances. On the heels of GDPR comes ePrivacy, which regulates how we communicate by email, SMS, fax, direct mail, and fax marketing. The more we use data for marketing, the more regulations we’ll encounter – and the more compliance we will need to implement.
Join Derek Lackey, President of the Direct Marketing Association of Canada, as he explains why it matters to make key decisions early in your compliance efforts if you are doing business in the EU.