You’ve probably heard about GDPR by now. But if you haven’t, here’s a quick recap: GDPR went into effect on May 25, 2018 after being approved by the European Union’s (EU) Parliament. Its goal is to better protect citizen privacy and information. For businesses, that means stricter data regulations and restrictions. So it encompasses areas such as storing client information, using security cameras, telemarketing, social media, and email marketing.
In short, GDPR is kind of a big deal.
According to EUGDPR.org, “The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years.”
Yep—the single most important data change in two decades. In a digital world where companies deal on the daily with prospect and client data, you can see how this might disrupt marketing everywhere. And crash some parties.
Basically, if as a business you process data or have any dealings with EU citizens, you must abide by GDPR regulations. Even without a physical presence within the EU, you will still be expected to comply, unless you can guarantee you will not interact with an EU citizen.
Now you might be thinking, especially if your company operates outside the EU, that you’ll take the risk. You might want to think twice about underestimating GDPR. Because, well, it’s “kind of a big deal.” Just ask Google.
The French Government sued Google for failing to properly disclose how they collect a user’s data and use it afterwards. GDPR ended up costing this website giant $57 million. The Google GDPR lawsuit is a warning to all companies. To avoid lawsuits and fines, businesses across the world must adopt GDPR standards. Failing to comply could result in fines of $22 million, or 4% of your annual income.
Quick GDPR Guide
Well, if you’re still reading this, you probably realized your company needs to comply with GDPR. For most businesses, the number one important way to comply to GDPR is to gain consent to use personal data. This means disclosing the following information:
- Who you are
- Why you are processing the data
- What the legal basis is
- Who will receive the data (if applicable)
Along with disclosing this information, you also need to obtain consent. According to the EU Commission, the consent should be “given by an affirmative act, such as checking a box online or signing a form.”
With such a drastic change in data processing, many CRMs have adapted to make GDPR easier for companies. Social media and marketing automation platforms in particular have made changes to help you become GDPR compliant. For example, the email marketing platform Mailchimp has GDPR-friendly forms available that you can customize to meet your company’s legal needs and standards.
Apart from digital contact, businesses that attend trade shows have an entirely new problem. How can you be GDPR compliant at trade shows when you interact with hundreds of prospects face-to-face?
GDPR and Trade Shows
Trade shows are hectic. Your sales team will encounter tons of people and exchange conversation and conversation. Meanwhile, you’re busy with the logistics of setting up the booths, designing displays, handling travel arrangements, tracking expenses, juggling events, solving last minute problems, etc. With so much going on at these events, focusing on GDPR is probably the last thing on your to-do list. We definitely get it.
But procrastination could majorly cost you. According to the EU Commision, more than 144,376 GDPR queries and complaints were recorded in its first year of existence, and the number keeps growing. As citizen awareness continues to increase, so will complaints and lawsuits.
As a solution, many companies are using written forms at trade shows to gain permission to contact and process a lead’s information. But this process is just another paper to keep track of, manually record, file, etc. It also means the sales team must remember every time they obtain someone’s contact information to also have that person sign a form. Inconvenient, but not a huge deal if you only get one attendee at a time. Of course, we all know trade shows don’t work like that (if only). So when the inevitable rush comes and a rep forgets to obtain permission, you’re opening yourself up to possible lawsuits.
What’s the best approach then? How do you minimize risk?
You need to simplify the process. With a mobile lead capture solution designed to abide by GDPR, like iCapture, you can do away with tedious forms for GDPR authorization and eliminate the guesswork.
Making GDPR Easy with iCapture
We created iCapture to make your trade show life easier—GDPR is no different. Here at iCapture, we have designed everything with GDPR is mind so your company no longer needs to worry about it during events. After events, if any individuals contact you with a GDPR query, we make the solution simple. Below are some of the GDPR capabilities through iCapture:
For the majority of companies, the most important feature is digital opt-in. This is the official authorization from the individual permitting you to contact him/her. iCapture makes it easy to include an opt-in question, terms and conditions agreement, and signature capture. You can customize all the content to satisfy your specific needs. After capturing an attendee’s contact information, the GDPR opt-in question appears on the main screen. This is a non-intrusive, quick way to gather authorization from each person during the capture.
Right to be Forgotten
GDPR Article 17, or the “Right to erasure” and “Right to be forgotten,” is a more commonly cited article that may require your company to remove personally identifiable information (PII) of a data subject upon request without undue delay. To comply with any such requests, you can ask the iCapture team to permanently delete relevant data. Upon removal, we will provide transaction ID(s) to serve as references to the deleted data.
Right of Access, Right to Rectification, Right to Restrict Processing, and Right to Object
- Right of access: If any individual were to request what personal data we are processing, where, and why, we would be able to retrieve that information for you.
- Right to rectification: In a case where a data subject asks to correct, revise, or remove any of the data stored, we may do so at anytime.
- Right to restrict processing: If anyone contacts you with the complaint that his/her personal data is inaccurate or collected unlawfully, we can reduce the usage of that personal data per the individual’s request.
- Right to object: Lastly, if a data subject decides he/she no longer wants to include his/her data in our analytics for us to provide targeted marketing content, we can remove this data at any time upon request.
Curious to learn more about CCPA, the California data privacy act? Go here.