The official day of reckoning for marketers and companies trafficking in customer data is May 25 -- the day the...
General Data Privacy Regulation will be enacted in the European Union.
Some companies are beginning to instill General Data Privacy Regulation (GDPR) best practices, while others are still researching to see if this European regulation will affect them. Hint: It probably will.
"GDPR isn't just viewing people through a lens of being consumers and buying things and having digital experiences," said Eve Maler, vice president of innovation and emerging technology at ForgeRock, an identity management software company. Maler previously worked for Forrester Research. "GDPR is a deep-seated need to ensure that people have the fullness of their rights when it comes to privacy -- and that's any personally identifiable data. So that's B2B and B2C information."
As one of the largest software vendors dealing with mass amounts of customer data, Salesforce is no stranger to data privacy regulations, but the effects of GDPR extend beyond Salesforce, and they will directly affect Salesforce customers if they aren't up to speed with GDPR best practices.
When looking at a company like Salesforce, there are three points of contact that may be affected by GDPR:
- the data subject -- the customer;
- the data controller -- the company that is working with that customer; and
- a data processor -- a B2B company such as Salesforce.
"If you think of it as a triangle of relationships of different organizations and people, you only need one member of the triangle to be working in the EU [European Union] to have GDPR apply," Maler said. "It makes the entire regulation viral, and it's applied so widely that it has a global affect."
Nick Merker, partner and co-chair of Ice Miller's data security and privacy practice, discusses GDPR best practices.
For its part, Salesforce is trying to educate its users on GDPR best practices and how the regulation will affect them. The company has an expansive resource page that outlines how GDPR will affect the various Salesforce products, while also offering tutorials and videos that highlight GDPR best practices.
When asked for a specific comment regarding GDPR readiness, a Salesforce representative pointed to the resource page.
"Salesforce will comply with the GDPR in the delivery of our service to our customers," wrote Amy Weaver, president of legal and general counsel for Salesforce. "We are also dedicated to helping our customers comply with the GDPR."
Something to take seriously
While Salesforce is providing information to its customers to comply with the upcoming regulations, Maler said it's important for individual companies to look at how they interact with their customer data as they work more directly with that data.
Eve Malervice president of innovation and emerging technology, ForgeRock
"It behooves Salesforce customers to look at that customer relationship directly," Maler said. "They're the data controllers, and they're going to have to really look at the higher bar of building and caring for that customer relationship."
For consumers, GDPR gives them the power to have a final say on what is done with their data. Citizens of the EU or residents residing in an EU nation can choose to have their identifying data erased, and companies must oblige.
"It's a surprise to a lot of organizations in the last year that GDPR sort of crept up on them," Maler said. "It's something they need to take seriously."