Why Should I Care About GDPR Requirements

When the General Data Protection Regulation (GDPR) hit the streets in the European Union in May 2018, the reaction around the world was mixed. Some large multinational corporations took the new requirements seriously and restructured their data collection and storage processes. Others, particularly smaller companies that didn’t have much business in the EU, simply continued with business as usual.

In the three years since it took effect, however, it’s become clear that all businesses, regardless of size, need to understand what the GDPR requires. The EU is serious about enforcing its provisions.

The Irish Data Protection Commission has fined WhatsApp €225 million, the Luxembourg National DPC has fined Amazon £630 million, and the Italian DPA has fined Deliveroo €2.5 million, among many other fines levied for non-compliance. Although these fines may be negligible to multinationals, smaller companies could be devastated by them. Smaller companies and individuals are not exempt from harsh penalties and the costs associated with defending the charges.

SMS-Magic can help you understand the privacy risks you run, and we can help you manage your text messaging programs. Our products are designed to make it easier to comply with GDPR regulations.

Who is Affected by GDPR?

Of course, companies that conduct business in the EU are directly affected by the GDPR rules. But so are companies with customers in the EU. That could be you. Also, your company might be affected if someone living in the EU visits your website and allows you to install cookies on their computer. The more contact you have with people in the EU, the more risk you assume.

Perhaps you don’t do business in the EU, and no one from the EU has visited your website or ordered a product from you. That doesn’t give you a pass.

You still must be aware of the worldwide repercussions from the regulation. GDPR was just the first international privacy legislation, not the last. Other countries, like Brazil, have followed suit with their own versions of privacy regulations, as has the state of California. And three years in, the EU has modified the GDPR to include broader responsibility for managing data safely.

Chances are even the smallest businesses that are active on the web will be affected. How familiar are you with the GDPR?

GDPR’s Seven Principles for Privacy Rights

The GDPR is based on seven basic tenets:

  1. Lawfulness, Fairness, and Transparency: personal data shall be processed lawfully, with fairness to the data subject, and with full transparency.
  2. Purpose Limitation: the organization shall process personal data for purposes concerning the contract or business operation, which are explicit or specified before processing.
  3. Data Minimization: data shall not be held or processed further than is required for the purpose.
  4. Accuracy: data must be updated, rectified, or erased if inaccurate. 
  5. Storage Limitation: you cannot keep personal data longer than necessary; your data retention must have a deletion time.
  6. Integrity and Confidentiality: all personal data must be kept secure and protected against theft, accidental loss, unlawful processing, or damage.
  7. Accountability: Organizations must be able to demonstrate that they put appropriate technical and organizational safeguards in place.

What’s New with the GDPR in 2021?

As the EU has updated the GDPR, you need to know what’s changed:

  1. All parties who have access to customer data are responsible for data security. When data leaves your company, the company that receives it is also responsible for it as a “joint controller.”
  2. Special data-collection rules between the EU and US have expired. If you handle data from the EU, you must include standard GDPR contractual clauses in your terms and conditions.
  3. When collecting data, you must have clear and explicit consent for which data you collect and process. You can’t restrict access to your website by requiring a user to accept cookies.

Privacy Regulations Are Here To Stay

If you thought you could simply wait out the implementation of the GDPR and fly under the radar, you might need to rethink your strategy. GDPR is not going away. Indeed, as we mentioned earlier, more countries, states and territories are devising their own privacy regulations.

So perhaps it’s time to review your company’s data collection and processing practices. As part of that review, you should examine your vendors’ privacy practices as well. As joint controllers, your vendors can help you comply or can help put you in harm’s way. At SMS-Magic, we are your partner and have developed our systems to help you comply with privacy regulations.

Tracking Explicit Consent

With the changes to the GDPR, you must keep track of who has opted in and who has opted out of your text marketing campaigns. You must have explicit consent to collect and process a customer’s personal information. You’ll also need to track who is already in the system to keep one person from opting in multiple times, and you’ll need to be able to erase a person’s data from all parts of your system, if requested.

SMS-Magic can make compliance easy, particularly if you’ve tied your text messaging campaigns into your CRM. No matter what industry you’re in (banking, higher education, hospitality, finance or others), we’ll help you keep up with customer permissions as they opt in to (and perhaps opt out of) your messaging campaigns.

SMS-Magic is designed to track opt-in and opt-out requests so that you send only to the customers who have specifically asked you to. Our back-end systems are structured so that we can display individual requests, and we can prove you’ve complied with customer requests. You won’t have to worry about regulators asking to see your records. We use ongoing processes to collect and store information about distribution and can share it with regulators, if necessary.

Protecting privacy is a complicated question, but with the right partner, the answer can be simple. Let SMS-Magic help you reach your customers while you’re protecting their privacy.

Contact us to set up a demo or to start your free trial. Let us show you why your compliance worries will disappear with SMS-Magic!
