There’s a long way to go until US lawmakers act on GDPR, if they ever do on a federal scale. Some states, though, might follow in the EU’s privacy footsteps relatively quickly. So for those of you with operations in the US and beyond, should you do nothing or act now?
Your customers care about privacy
The recent controversy surrounding Facebook has highlighted the importance of online data protection to millions around the world. In response, Mark Zuckerberg has committed to making changes to Facebook, and people will undoubtedly expect similar reassurances from other companies.
Many global organisations we’re working with have adopted GDPR across all their operations, in every country. This shows their customers and partners that they take privacy seriously, but it also simplifies the organisation’s processes.
Digital commerce knows no boundaries – most of Facebook’s processing happens in Ireland, for example – so the easiest response is to apply the strictest rules everywhere. Failing to do so risks being viewed as biased to customers or stakeholders in different counties, and that’s not acceptable in the eyes of public opinion. You don’t provide different levels of customer service or corporate responsibility, so why would privacy be any different?
So what should you do?
Start with a global review of where you hold personal data – you need to know what information you have and where it is. Consider the legal basis for why you have such data and, where necessary, make sure you have consents in place.
Next, apply a ‘one world approach’. No matter where your customers or stakeholders are, treat them with equal respect and put in place a global privacy policy. And tell them about it.
That means you need to implement universal and global information rights. Wherever you are, you should give your customers and stakeholders the same process and user experience. Provide a consistent ‘front door’.
A ‘one world approach’ also means you need a global set of internal tools, processes, standards and governance that make worldwide compliance effective and consistent.
Go global with GDPR now
Even though GDPR only applies in the EU, the possibility of US states aligning to the new regulation, higher customer expectations and the efficiency of taking a ‘one world approach’ mean you should go global with GDPR now.