On May 25th, 2018, the EU General Data Protection Regulation (GDPR) will come into force. GDPR is a regulation which has binding legal force on the Member States; the UK (still) being one of them. However, does the GDPR definition of personal data mean that we should delete all of our business and consumer email data to be compliant?
Everyone has the right to protection of personal data, and the incoming GDPR defines personal data as any information that could be used, on its own or in conjunction with other data, to identify an individual.
GDPR will affect every person in each Member State. Unfortunately, there is confusion concerning whether deleting business and customer emails will allow easier compliance. We are in a time where emails to businesses or consumers are essential. Emails, in turn, need personal data.
There has been huge publicity around Wetherspoons deleting its entire marketing database. After their 2015 data breach, it has been suggested that this will reduce the risk of Wetherspoons breaching the regulation. As the penalty for failing to comply is up to €20 million or 4% of global annual turnover, compliance is very important.
Contrary to popular belief, however, deleting emails is not something you need to worry about, whether you are a b2b or a b2c company.
It is still important to distinguish between a b2b and a b2c relationship. This blog will focus on the business-to-consumer email relationship.
Is there any evidence to support deleting consumer email data?
The short answer is no, there is not. EU legislation affects 750 million EU citizens and over 1 billion email accounts. Consequently, it would not be a responsible business decision to lock yourself out of this market. Personal data collection and customer profiling bring benefits to you and your customers.
When a man comes into a shoe store he doesn’t want the salesperson to offer him stilettos, so why should it be any different online? If you’ve read mostly scholarly books in the past, you’d probably be surprised if Amazon was trying to sell you Fifty Shades of Grey. In the end, the goal of collecting data and profiling customers is to provide a personalised buying experience.
In addition, emails allow a business to understand a customer’s behaviour and use their past actions to predict future ones. It is, however, important as a business to remain compliant. Below are some solutions for becoming GDPR compliant without having to delete your customer database.
How it is possible for a business to stay in the EU market whilst being GDPR compliant:
- Email Archiving: As most emails contain a customer’s personal information, email security is key. It is important that a customer’s personal information can be found and removed where required. Find out how to simplify compliance with Office 365 E3 archiving, and deploy tools to scan, identify and retrieve PII in emails and unstructured files.
- Advanced Threat Protection: Protect your customers from common attacks (phishing attacks, imposter emails) that compromise customer data.
- Email Encryption and Data Loss Prevention: Automatically encrypt emails that contain sensitive personal information (credit card, social insurance and health reference numbers), especially information that could otherwise be inappropriately shared. Make sure your company is not at risk of losing this sensitive information, or of being fined in the process, with Office 365 E3 DLP (Data Loss Prevention) and Information Protection Encryption.
It is important not to be misled by other corporations’ responses to GDPR. It is possible to remain compliant whilst accessing the EU market.
If you would like to continue to read about how GDPR will affect b2b emails, please check back here soon.