What should US companies do until the smoke clears on GDPR?

Photo by  Erik Odiin  on  Unsplash

Photo by Erik Odiin on Unsplash

by Evan Rudowski

With the EU’s GDPR deadline approaching at the end of May, we’re all being inundated with a blizzard of emails asking us to confirm we still want to hear from many of the companies that have been emailing us consistently for years already.

It’s the greatest unsubscribe opportunity in history. Let me get this straight -- if I don’t reply you stop emailing me? #kthxbye

It also may be the biggest own goal in the annals of digital marketing, as many of these companies already had established a “legitimate interest” via a prior relationship with the recipient -- which, under GDPR regulation, would have allowed them to keep on emailing without further consent.

But like much about GDPR, the details are neither sufficiently well understood nor sufficiently litigated for companies to feel confident about how to proceed. The desperate last-ditch flurry of opt-in emails reminds me of the Y2K bug frenzy -- when one unfortunate colleague of mine sat in an office on New Year’s Eve waiting for the computers to blow up at midnight (they didn’t) while I stood on the banks of the Thames beneath a massive spectacle of fireworks (they did).

We see this uncertainty when we speak to American companies thinking of expanding to Europe -- they know they’ll need to deal with GDPR, but they can’t figure out whether it’s a bane or a boon.

Reports of digital media companies such as Verve pulling back from Europe lay some of the blame on GDPR -- but surely there’s more to it than that. Yes, if a business is challenged in general then it’s also going to be challenged by additional new things to deal with. In that context, yes, GDPR can be one of the straws that breaks the camel’s back.

There’s no doubt that GDPR will force digital businesses to think about whether their data handling practices are compliant and what changes they may need to make to achieve this. But it would be a mistake to view GDPR as something that can be avoided by steering clear of Europe, allowing business as usual otherwise.

In light of the recent scrutiny of Facebook and others regarding their handling of user data, GDPR may merely just be ahead of the curve. Undoubtedly we’ll see similar regulation in other overseas markets, and calls for further regulation are even being sounded in the typically laissez-faire US market.

Frankly, the days of passing user data around like a spliff at a reggae concert are probably over. Businesses expecting to continue down that path for much longer probably are smoking something. If not regulation, then class-action lawsuits and other headaches are the likely outcome. Bummer, man.

The biggest digital businesses are global, and throwing away a market of 300 million people such as Europe isn’t an option for founders and shareholders seeking to maximise long-term return on investment. GDPR is the new price of entry for Europe.

But the near-term cost will yield a long-term, global benefit. A business with full confidence regarding its user data handling is one that treats customers well and will be recognised for doing so. Los Angeles-based Factual is one company taking the approach of getting its house properly in order.

Such a business no longer has to wonder which bad actors are infiltrating its pages and putting its business at risk. How many digital executives have lain awake wondering who’s messing around with their user information? Good data hygiene -- prompted by GDPR -- lets everyone sleep better at night.