Unless you’ve been living under a rock the last 2 years, you’ve likely heard of the EU’s General Data Protection Regulation (GDPR), which came into play on May 25, 2018. That’s right, it’s been one whole year since this law took effect! Now that the dust has had time to settle, is it any clearer what impact this legislation has had on your organization, if any? If, like many US cemeteries, you’ve not even thought about GDPR for the last year, safe in the knowledge that this EU law doesn’t concern you, then what you’re about to read might come as a shock...
What exactly is GDPR?
GDPR is a data protection law that creates a new set of rights that puts the consumer in complete control of their personal data. It goes way beyond traditional data protection acts that don’t take into account the complex digital spectrum of today. Key areas that organizations must think about are:
- The consumer’s right to have access to their data and to be forgotten - this involves knowing what personal data you’re collecting and where you’re storing it
- Reporting of data breaches within 72 hours
- Assigning of data protection officers
- Fines for non-compliance
- Right of consent
- Not collecting or holding unnecessary information
So why are we telling you all this? You’re based in North America. You don’t deal with EU citizens, so GDPR is none of your business.
It’s worth remembering that GDPR extends to all companies that process data of EU residents, including businesses based in North America. GDPR requires more than just managing a customer database. Marketing, HR, IT and supply chain may also be affected. And we all know that non-compliance could result in significant fines, making this a law that’s not to be ignored!
So you don't think you're holding EU data? Consider this...
- If your website collects cookies, it’s probably also collecting cookies of EU residents
- If you use Google Analytics on your website, there’s a possibility that it may be collecting personal data of EU residents
- If you collect and hold any form of personal data of customers (for example, an online or paper enquiry form) you could inadvertently be collecting and holding information on EU residents. Top tip: You can use your PlotBox CRM system to update marketing preferences, so there’s at least one area covered!
- If you undertake remarketing campaigns:
  - are you sure that your adverts aren’t displaying to EU citizens?
  - have you made sure your vendor is GDPR compliant?
- If you have any European-based suppliers, you might again be inadvertently holding data on EU citizens. It’s also worth ensuring that all your suppliers are GDPR compliant, too.
So why is GDPR my new best friend?
Other countries including the US are likely to follow suit and step up their data protection laws in the wake of GDPR. If you prepare now, you’ll have less work to do when the time inevitably comes.
So use GDPR to build yourself a competitive advantage:
- Be a leader in your field for keeping data safe and secure, and advertise your cemetery as such!
- It’ll allow you to escalate your data-driven innovation - identify behaviours and trends to improve your services.
- You’ll not have to worry if you ever want to grow or diversify your organization - your data compliance will already be covered.
We hope that's been of some help. GDPR compliance can sound like a lot of work, but look at it as an opportunity. GDPR goes hand in hand with effective inbound marketing, which, as we know, is playing an increasing role in the cemetery sales process, so it makes sense on many levels to get to grips with it and accelerate yourself towards best practice and ahead of your competition!