Suddenly your inbox is filling up with updated privacy policy notices from every company you have ever offered your name or email to. It’s worth taking a look at what they say — you’ll be surprised how obvious most of it sounds. You assumed your personal data was always treated with this level of respect. Sorry, it hasn’t been.
The General Data Protection Regulations (GDPR) were approved in the European Union in 2016 after four years or deliberation and edits, and enforcement commences May 25, 2018. Previous guidelines date back to 1990, five years before the oh-my-gosh-the-digital-era-is-upon-us classic THE NET. Clearly an update was overdue and while large multinationals have hired a small army of specialists to gracefully implement said rules, small businesses are scrambling to grasp the scope and find the time. Mostly because, sometime mid-April, they first heard of this and realized it applies to any company possessing the data of an EU citizen.
Our industry’s business is by default international, and it’s essential to understand these regulations apply to all EU citizens regardless where the data is processed. Companies in the United States, Japan or Zimbabwe must all comply when handling data of an EU citizen, but are not obligated to do so with data of non-EU citizens. Many language service providers (LSPs) consist of small teams with limited legal resources to implement GDPR, and if you’re freaking out right now that’s perfectly legit. Judging by Facebook’s decision to move 1.5 billion users from Ireland to California to avoid responsibility, most data-holders are.
Always Localize?
Having a habit of localizing anything we can, it’s unsurprising we (MultiLingual) considered separating our EU clients from the rest in order to conform. Looking at the extent of our online database, that was going to be quite a task. It didn’t take long before we decided that applying the regulations to all data subjects, not just EU citizens, was going to be much easier. It’s actually more work to distinguish between the two and create separate policies, especially when you keep in mind odd cases like myself, who are permanent residents of the Unites States but hold EU citizenship. How will you be able to know this as a processor?
Another reason not to localize this effort — but instead apply it across the board — is that GDPR encourages trust. A fresh privacy policy and transparent opt-in choices are indicative of the kind integrity anyone hopes for. As a marketer, I like to think of opportunities rather than limitations. Sure, less people are going to opt in to receive direct mailers with sales pitches, but by distinguishing three categories of output instead of lumping them all into one, we’ll be able to customize delivery to our clients and prospects giving them a more appealing and personalized experience, hopefully resulting in a higher response rate. If you feel that GDPR offers timely basic respect and clarity, why not give all your customers the same peace of mind? Meanwhile, you are saving yourself some work and strengthening the tie with your clients.
