It’s a confusing and troubling time as Mark Zuckerberg defends Facebook in Congress and Europe prepares to roll out the new GDPR laws. So what is the GDPR and how will it affect your business?

What is the GDPR? 

The General Data Protection Regulation is a law coming into force in Europe to give people more control over, and protection of, how their personal information or data is used. The law is set to roll out across the EU on the 25th of May and will protect EU residents and affect companies in the EU, or targeting the EU. EU residents will be given the option to consent, or not, to their data being used for marketing purposes.

It carries huge penalties for breaking the law and gives individuals more rights to consent to how their data will be used.

“A new regulation will be put into effect (and thus enforced) on the 25th of May 2018, hopefully introducing a new and better era for personal information security. This regulation is called the EU General Data Protection Regulation or GDPR, and is aimed at guiding and regulating the way companies across the world will handle their customers’ personal information and creating strengthened and unified data protection for all individuals within the EU.”

So why should I worry about this in Australia? 

This will affect all businesses globally, and here is a scenario to explain why:

Imagine you have an email database of 10,000 subscribers. Out of your 10,000 subscribers, 12 live in the EU. You use your email subscribers to create a custom Facebook audience, but you didn’t ask the 12 EU residents on your list for consent to use their data on Facebook. You have just broken the GDPR laws.

Now, even though it is very unlikely that anyone will 1) notice or 2) complain, the fines for breaking the GDPR laws are huge and would flatten a small business. It’s a big risk!

So where will we see the biggest changes? 

To be honest, at this stage we don’t actually know. With the Cambridge Analytica scandal still raging through Congress and data rights being a hot topic, we still don’t have exact answers on what this will mean for small businesses and marketers using platforms like Facebook or Google in future.

So far we know this:

  • Facebook Custom Audience and Facebook Pixel Custom Audiences will require you to agree that you have legally obtained and are using the data you provide Facebook to populate your email lists. This is Facebook’s way of putting the responsibility back on the “data controller”, or the person who gathers the data in the first place. So you can still use this feature, but you need to make sure your info is GDPR compliant.
  • It applies to Google remarketing and location targeting, as well as some features of AdWords and YouTube ads that include personal detail targeting.

So what do I do to protect my business? 

First of all, don’t panic, but do get informed and review your business to see if you have any high-risk activities.

Keep reading and stay close to the news from Facebook and Google – notifications will be posted as the changes take place.

If your business targets Europe or trades a lot with the EU, speak to a Data Protection Officer or seek legal advice to ensure your business is up to date and ready for the changes as they happen.

Further reading on this topic can be found here:

https://www.trendmicro.com/vinfo/us/security/definition/eu-general-data-protection-regulation-gdpr 

https://www.facebook.com/business/gdpr