Data Privacy and Looking Back on a Year of GDPR
We are over a year out from the rollout of GDPR. What does that mean for all the industries that gather user data? What does the future hold for organizations that use data for marketing? And what are the HIPAA violation risks of using SurveyMonkey? Check out this week’s StrategyBytes to catch up on all things data privacy.
Podcast Transcript
LISETTE
Hey Andrew, remember GDPR?
ANDREW
The thing that everyone was freaking out about last year. Yeah, yeah. Wait–is that still a thing?
LISETTE
Yes, Andrew, it’s still a thing. You might have noticed that the increase of pop-ups has faded into the background of standard browsing experience. I don’t blame you for forgetting though, considering the short attention span of the general digital age.
ANDREW
I mean, isn’t that just the way of the world? “Remember that man lives only in the present, in this fleeting instant; all the rest of his life is either past and gone, or not yet revealed.”
LISETTE
(surprisingly impressed) Marcus Aurelius?
ANDREW
The Gram.
LISETTE
Well, life may be fleeting, but your data isn’t. We gave you a bit of a heads up last time on digital hygiene, but this week we’re going to privacy.
ANDREW
Because guess what? GDPR is still a thing because massive data breaches are still a thing.
LISETTE
For those who, well, forgot, GDPR is the General Data Protection Regulation passed by the European Union. It covers data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. It is mandatory for any entity with clients in the European Union.
ANDREW
So you might know some of the conversation around how it impacted digital when it rolled out. Our developers had to help a number of our clients comply with GDPR basically overnight. But the dust has settled, mostly, so what does that mean for this bigger conversation around privacy?
LISETTE
In July 2019, two separate surveys – one by audit and tax consultancy RSM and the other by data virtualisation firm Delphix – found that 30% of European businesses were not confident they were compliant, and that some businesses were giving their leadership cause to believe they were compliant when this was not necessarily true. This is probably even more of an issue with US-based companies who deal with EU citizens’ data. Part of this is, of course, enforcement of penalties for lack of compliance. But this also says a lot about the state of data privacy in the world.
ANDREW
“Why is privacy of my users’ browser data important?” you may ask. You don’t capture anything super important like social security numbers or credit card information or anything. You just want to know how your users are navigating your site, maybe their email address if they enter it to subscribe to your newsletter. It’s nothing serious.
LISETTE
Maybe not, but the increased focus on ownership of data–and what companies do with that data–means you may have to rethink how you address privacy issues. In marketing, this is a sticky situation. On the one hand, freely gathering information and data helps you better understand your audiences. Giving a user the option to opt out means less information. However, there are long-term consequences like GDPR compliance and conversations about data ownership like the ones that have been had on the Hill with Facebook.
ANDREW
Customer trust affects your bottom line. As more customers become privacy-savvy, they might start asking how you are protecting their data and how you are using it. Are you just using it for internal market research or are you selling it to third parties?
LISETTE
GDPR compliance might not be on your radar, but there are other ways you can reinforce customer trust in your understanding of privacy and data security issues.
ANDREW
First, have a privacy statement on your website. This is a great, simple way to lay out how you use user data and how you protect it.
LISETTE
Second, make sure you are actually compliant with the laws that DO apply to you. Do you have EU clients, or hope to have them in the future? Get GDPR compliant. Are you a healthcare service? Make sure you aren’t doing things like capturing healthcare data via SurveyMonkey.
ANDREW
Wow. Hello, HIPAA violation. Is that actually a thing?
LISETTE
Yep. That’s a thing. Vet your data-gathering systems, folks. Seriously.
ANDREW
Finally, keep up to date on the latest privacy and data security issues that can affect your industry. California is about to pass the California Consumer Protection Act, an act similar to GDPR. Companies that are affected will have to disclose what data they collect from users. So you should probably start to keep track of that now.
LISETTE
In next week’s StrategyBytes, we will explore the interesting (and terrifying) world of Cyber Intelligence, all to lead up to our end-of-the-month interview with Jack Barsky, former Soviet agent and current cyber security expert.
ANDREW
(quiet horror) SurveyMonkey though…
LISETTE
I know. Just leave my medical file on the Metro while you’re at it I guess…