On May 25, 2018, the European Union General Data Protection Regulation (GDPR) went into effect. The law was drafted in response to growing fears about internet companies, specifically Facebook and other social media sites, having unlimited access to and control over the personal data of European citizens. Ideally, the rule gives individuals power over their own personal data, including how it is used and by whom, and especially whether or not they can remove their information from organizations’ databases.

But the rule doesn’t just affect European companies and citizens. American companies are trying to cover their bases as well, especially if they do business with anyone in Europe, and possibly with an eye to future regulations that the U.S. legislature might try to pass. If you live in the U.S., you’ve probably received emails from American companies that do business with European customers and European companies alike, asking you to opt in to their email lists to continue receiving messages from them. You may have also received notifications of updated privacy policies from any company that happens to have your email address. This was all part of the lead-up to GDPR becoming the law of the land in Europe.

Email marketing is the industry most affected by this regulation, and companies have been scrambling since 2017 to make sure they’re compliant. Communities will be affected as well, and customer community managers will need to make sure they’re ready for the change. Even if your business is situated in the U.S. or Canada, you may have customers in Europe that are participating in your community, and furthermore, this kind of regulation may be a forecast of things to come in other parts of the world. Salesforce is even offering a GDPR readiness program to help their customers be compliant.

Here are a few aspects of the new privacy regulation to keep in mind when creating a community, whether internal or external:

1. Transparency

Make sure your terms and conditions are easy to read and easy to find. Customers or employees should know exactly what you’re doing with their data, how you’re collecting it, and how you’re using it. They should also be able to opt out or opt in easily and completely.

2. Internal Procedures

If you don’t have someone managing your collection procedures and controls, now is the time to start. Defining clear processes and imposing those processes doesn’t happen organically. Make sure you have a person — or better yet, a team of people — who are responsible for data collection, security, and oversight for your community.

3. Business vs Personal Data

In an employee community, business information and social information can blend pretty quickly, especially if your employees use Salesforce Chatter or Jive tools for talking about hobbies or sports. Make sure you have a clear understanding of how GDPR separates the two and that your employees understand your rules for using your internal communities.

4. Archiving and Security

Now more than ever, organizations are going to see more regulations concerning how data is handled and secured. If regulations like GDPR become more widespread, security breaches are no longer going to be just big public relations nightmares — they will come with greater legal penalties as well.

At Paladin Group, we work with our customers to make sure their communities abide by all legal regulations and follow the most secure best practices for data management. Get in touch today to learn more.