Finally I can put my university education (a so-far not-so-relevant Masters in European Policy Administration) to use in Tech!
The European Union’s General Data Protection Regulation has come into effect. Now I know your eyes probably just glazed over and you’re already moving your cursor towards the home button, but bare with me!
This is a HUGE deal…
The GDPR is the most comprehensive regulation regarding data privacy in history. It imposes strict rules on how businesses can collect, store and use EU citizens’ private data.
To put it simply, the goal of the GDPR is to ensure that every EU citizen has full rights and control over their personal data. It gives every citizen a right to be clearly informed about how and why their data is being collected as well as the right to edit, delete and download the data when and however they please.
This means that you have to clearly receive permission and an active opt-in if you want to use someone’s data, be that a candidate that is applying for a job, an email subscriber you want to send newsletters to or a user signed up to your service. It also means that these users can at any point ask you to edit or erase their data, no matter what.
So if you’re worried about all those embarrassing photos from your teen years on Facebook, you’ll have the right to ask Facebook to delete all your data and they will legally be obliged to do so (if you’re an EU citizen).
Why the GDPR is such a big deal…
If you’re not based in the EU, you might already have stopped reading by now. That’s a big mistake. The GDPR is a European Union initiative, but it affects every and any company in the world that uses the data of even just 1 EU citizen. So if you have just 1 European customer, employee, candidate, email subscriber, or anything along those lines, you will have to comply with the GDPR.
What happens if you don’t comply? Well, the fines could be IMMENSE. Non-compliance with the GDPR could result in penalties of up to 20 Million Euros or 4% of a company’s annual turnover.
Not only that, but the GDPR is 100% retroactive, meaning that all of the data you collected in the past will have to have complied with the GDPR or else you will have to have all those users/customers/subscribers opt-in all over again.
Of course there will be some leeway as the law comes into effect, but it seems that most companies are taking it pretty seriously.
Why the GDPR is a great thing…
As a growth marketer my first reaction to the GDPR was…not great.
What do I do with the email lists and user bases I’ve built up over the past months and years?
What if I have to make them opt-in again and lose a huge chunk of them?
What about my favourite hack-y techniques (like scraping) that I spent months perfecting?
What if I accidentally break the rules and get a humungous fine?
What if, what if, what if…at the very least, the whole thing sounded to me like a lot of effort, a lot of legal jargon and an all-round pain in the a**.
But then I got to thinking…
We live in a world where our private data has become currency. It’s no coincidence that Google and Facebook are ‘free’ to use…we’re paying with our personal private data, every single day. Regardless of my professional concerns, it’s incredibly important that citizens finally regain some control over their private information.
There is very little that stops these tech Goliaths from knowing everything about us, sharing our data and even using it in questionable ways. And it’s not like the United States is going to pass laws any time soon to protect people’s privacy and personal data. If the past years have taught us anything, the opposite is true. Just ask Mr. Snowden.
Given that most digital companies in the world have customers from the EU, this regulation will lead to companies around the world re-thinking how they can collect and process people’s data.
And the benefits of the GDPR aren’t just personal ones. Regulations are tough and they may be a pain, but they also ensure fairness and quality.
So what if you have to ask your 20,000-person email list top opt back in again? Chances are, if they love your product and content, they will happily opt back in again. If not, then you’ve not lost anyone that is important to your business. The biggest loss in most cases will be vanity.
Finally, as a bootstrapper at heart, I love my sneaky grey-hat tactics. I really do. And chances are, we will find countless workarounds and ways to continue walking the fine line between smart and sneaky.
But to be honest, if you’re serious about growing a business, you will realise that most questionable forms of data collection are short-term, unscalable solutions.
Real growth doesn’t come from black-hat tactics, no matter how much some growth hackers want to force the AirBnB-Craigslist story down your throat.
Real growth comes from being creative, thinking outside the box, understanding your users, diving deep into the funnel, being data-driven, being multidisciplinary and continuously experimenting.