
Posted by Eno on July 16, 2018


Why did every mailing list you’ve ever signed up for decide to send you an “Updates to Our Privacy Policy” email all at the same time? Better yet, did you read the updates!?

Probably not. But don’t fear, #TeamBTI is about to break it down for you.

What’s the 411?

This May, the European Union launched the General Data Protection Regulation (GDPR). This is a set of privacy rules set by the EU, but it has global implications that most businesses with a website should be aware of.

More specifically, no matter your business’s location, if you have offices and/or employees in the EU, offer goods or services to individuals in the EU over the internet, use cookies on your website to collect personal data from individuals in the EU, or if you process personal data of individuals in the EU on behalf of someone else, you’re going to want to give this a quick read.

(Image Source: European Commission)

Unlike CASL in Canada, which is more of a series of consent-based regulations, GDPR focuses on personal data protection which includes both names and addresses, but also gets as detailed as an individual’s shopping habits, cookies and IP address. At this stage in an internet-dependent 21st century, you might imagine the astronomical value behind all of this data. This said, businesses are truly taking a loss with the reduced ability to collect such data, while consumers rejoice at higher privacy regulation and peace of mind while browsing and posting online.

Facebook has recently been under fire from the U.K. Information Commissioner’s Office (ICO) because of its controversial business with Cambridge Analytica back in 2015. The social network giant was accused of sharing the data of up to 2.7 million Europeans with Cambridge Analytica, the company that consulted on the Trump presidential campaign. (AdAge)

This opens the floor to a discussion about a larger issue, as Facebook has been systemically misusing data over the years, affecting up to 87 million users of the social network. Although Facebook has yet to conduct an internal audit, the U.K. ICO has already suggested a fine of about $664,000, and this is based on pre-GDPR regulations! Since this occurred in 2015, the GDPR cannot retroactively punish Facebook. But if this were to happen in the present day, the U.K. ICO could levy as much as 4% of the business’s annual sales across the globe. Facebook made $40 million in 2017. (AdAge) You do the math.

How does this affect my business?

The negative repercussions that Facebook is facing for its data practices on a pre-GDPR web 3 years ago are indicative of a systemic shift in the way data will be handled in the future. The web is changing, and this should be an early warning to every business on the internet: either comply or shut down.

The internet as we know it is about to undergo a massive change. Long gone are the days when you may get duped into accepting the fine print of a privacy policy that you never read. Long gone are the moments where Facebook would slyly convince you to allow a certain app to access your data and use it for unspecified reasons. Under the GDPR, individuals across the 28 member countries of the European Union will be protected from this “selective truth”. The idea behind the policy is that websites will need to carefully spell out what data will be collected from an individual, how it will be used, how it will be analysed, and whether it will be shared with third parties. The policy was created to make sure that online users are fully aware of what their data will go to or be used for when they accept online policies.

The internet is a global entity; it doesn’t belong to any one country, nation, or group of countries. It’s constantly evolving, and although the GDPR is an EU-specific policy, we will see global social networks, news sites, and content sharing platforms change their current policies and data mining strategies to comply with the new laws.

As of the end of May, Japan, South Korea, and Brazil are already prepared to follow Europe in passing similar laws regarding data protection. Trade embargoes are being used as an incentive to encourage other countries to follow Europe.

Finally, we will see a shift in the way that targeted advertising functions in the future. As businesses will not be able to mine and utilize as much data as in the past, they will either have to innovate in the way they target customers, or the modern targeted ad model will be a thing of the past.

I’m Canadian Though...

How does this affect us living here in the Great North? The principle of "privacy by design" has been recognized in Canada since the 1990s. The concept details the future of privacy and how it cannot be assured solely by compliance with regulations. So, it’s particularly important for businesses to apply appropriate technical and organizational measures to safeguard consumer data. Here are some best practices for you to consider:

  • Proactively hardening IT systems against attack, which includes applying software updates, implementing new security techniques, etc.;
  • Effectively updating your privacy policy, company policy or marketing strategies to govern all consumer data related activities and procedures;
  • Auditing your data on a regular basis.

The Cost of Non-Compliance

(Image Source: Forbes)

The cost of non-compliance is astronomical. After a series of warnings and data processing suspensions, you or your business could be fined up to $30 million CAD. It is also worth noting that if you fail to report, within 72 hours, a data breach that is likely to jeopardize the rights and interests of your European customers, the penalty will increase - and 72 hours is NOT a lot of time.

Some businesses might be concerned about paperwork, staff training, budget calibration, etc., but it’s time for you to step up your game on privacy compliance.

Proactive business owners will ensure GDPR compliance by becoming proficient in documenting data flows, updating their terms of service and privacy policies, auditing their record-keeping policies, and training employees in privacy and data sensitivity.

Is your business GDPR compliant? Contact the team at BTI for an internal audit and professional guidance.