By Kerry Gorgone, {grow} Contributing Columnist
European Union residents trying to access certain websites on May 25, 2018, discovered that they could not do so: they’d been blocked because of new data privacy requirements impacting E.U. residents.
Even though the General Data Protection Regulation (“GDPR”) has been on the books since April 2016, the effective date seemed so far off that many companies procrastinated. As the months passed, they failed to update their data collection practices or create a contingency plan. Then last month, faced with the looming GDPR deadline, some companies decided simply to block E.U. users from their online properties.
Here’s why that’s the wrong decision.
Blocking E.U. residents from your site doesn’t mean you’re safe from GDPR headaches.
First, blocking E.U. people from accessing your website won’t protect you from fines under GDPR. The law also applies to data you’ve already collected, so unless you’re deleting all the user accounts of E.U. residents, you could still be violating GDPR.
In addition, GDPR applies to E.U. transactions even if the participants are located elsewhere in the world. This means that blocking users located in the E.U. from accessing your site won’t completely protect you from GDPR. So, blocking doesn’t work to avoid GDPR requirements. But it does do one thing: tick people off.
Blocking E.U. residents undermines the work you’ve done to build a relationship with your audience (in the E.U. and elsewhere).
Even if European Union residents might comprise a small percentage of your audience, affirmatively blocking any group of people from your website is a bad idea. Either you genuinely care about your audience or you don’t.
If you’re willing to cut loose hundreds of millions of people to avoid having to comply with privacy laws, you don’t care about your audience (or, at least, you don’t care enough). However the numbers pan out when you analyze number of users, customer lifetime value, etc., engaging in this type of dollars-and-cents assessment alienates the people you claim to serve. Also, it doesn’t work to insulate you from risk under GDPR. (See above.)
What’s so bad about data privacy anyway?
There’s little long-term business downside to being more transparent in your data collection practices.
The text of the GDPR legislation requires companies to make sure that people’s personal data is processed lawfully, transparently, and for a specific purpose. In other words, companies should stop collecting data just because they can and, before collecting information, have a use for that information in mind.
After the data breaches we’ve seen recently, the dangers of hoarding lots of data for no particular reason should be apparent. It makes sense to only collect data you intend to use for a specific reason. That being the case, why not work to comply with GDPR?
GDPR also requires that businesses help people to understand why their data is being collected, how it’s being processed, how they can view the information that’s been collected and how to delete it. If there’s a convincing argument against explaining to people what data you’re collecting on them and how you’re using it, I haven’t heard it.
So, if you’re one of the companies that’s already blocked E.U. residents, what should you do?
Get with the GDPR program.
First and foremost, assess your company’s current data collection practices and compare them with the requirements of the GDPR. Don’t forget to look into how vendors or third-party solutions you use handle people’s data. You’ll need to check all your marketing automation systems and database providers.
Create new opt-in forms that comply with GDPR. Be sure to avoid “bundling” permissions.
Consider whether you need a “Data Privacy Officer.”
There’s more, so if you’re not already in compliance with GDPR, study up. Bringing your processes into line will require time, effort, and resources, but if you truly value your audience (or just want to avoid potentially paying millions of pounds in fines), it’s worth the investment.
Kerry O’Shea Gorgone is a writer, lawyer, speaker and educator. She’s also Director of Product Strategy, Training, at MarketingProfs. Kerry hosts the weekly Marketing Smarts podcast. Find Kerry on Twitter.
