[[{"@context":"http:\/\/schema.org","@type":"Answer","name":"What is GDPR?","text":"GDPR stands for the General Data Protection Regulation. It is a European Union regulation regarding the processing of personal data","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Answer1"},{"@context":"http:\/\/schema.org","@type":"Answer","text":"GDPR defined: the General Data Protection Regulation is the toughest data privacy and security law, drafted and signed into law by the European Union (EU). GDPR carries heavy legal responsibilities for organizations around the globe if they collect data related to EU citizens. GDPR went into effect on May 25, 2018.","name":"what is GDPR Definition","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Answer2"},{"@context":"http:\/\/schema.org","@type":"Answer","name":"What is the impact of General Data Protection Regulation (GDPR) for online businesses","text":"
There are two sections in particular that online businesses need to know with GDPR documentation:
- GDPR Article 6(1)(a) - Consent as a lawful basis for processing data
- GDPR Article 6(1)(f) - Processing is necessary for the purposes of legitimate interest","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Answer3"},{"@context":"http:\/\/schema.org","@type":"BlogPosting","url":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/","mainEntityOfPage":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/","keywords":["Customer Data Strategy","GDPR Fines","CCPA | California Consumer Privacy Act","CDM | Customer Data Management","Customer Profile Management","CDP | Customer Data Platform","GDPR","Customer Data","Data Privacy","https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#BlogPosting#3"],"articleBody":"Looking at GDPR and how a consent management platform can affect your business is something we should all be doing. The battleground around customer consent versus legitimate interest is a fierce one. When the UK passed its GDPR standard for how companies can collect and process consumer data, it sent shockwaves throughout the world. Yet, it was only the first such standard. Canada has since issued its own standard, as has the state of California.\u00a0What is GDPR? GDPR stands for the General Data Protection Regulation. GDPR defined:\u00a0the General Data Protection Regulation is the toughest data privacy and security law, drafted and signed into law by the European Union (EU). GDPR carries heavy legal responsibilities for organizations around the globe if they collect data related to EU citizens. GDPR went into effect on May 25, 2018. Soon, updates to Apple and Google operating systems will further anonymize data, making it harder for companies to understand how users found their sites to begin with. 
This has Facebook highly concerned, given its primary revenue driver is its ad product \u2013 and without proper attribution, companies won\u2019t be able to tell how effective an ad on Facebook, or its other properties like Instagram, really is. It will soon be the baseline that all companies employ a consent management platform. Face the music: Apple privacy changes hit e-commerce marketing Apple privacy changes are right around the corner, and marketers who rely on Facebook ads are bracing for major impact. Here's what you need to know. Impact of General Data Protection Regulation (GDPR) for online businesses But for now, let\u2019s look at GDPR, the original consumer data privacy policy. All others pull on similar language and use cases, making GDPR a standard policy. There are two sections in particular that marketers need to know with GDPR documentation: GDPR Article 6(1)(a) \u2013 Consent as a lawful basis for processing data: The data subject has given consent to the processing of his or her personal data for one or more specific purposes; GDPR Article 6(1)(f) \u2013 Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Those two articles break down what\u2019s known as consent collection and legitimate interest collection. Let\u2019s make sure you gain a good understanding of both.\u00a0How your organization can become GDPR compliant: Sorting out customer consent once and for all Becoming GDPR compliant relies upon customer consent. Customer consent is considered the gold standard of data collection: A consumer must click a button (that cannot be pre-filled) to say that they agree to give their information to the company. 
A consent management platform streamlines the process of securing consent. You\u2019ve undoubtedly seen these on a variety of sites you\u2019ve visited recently. Here\u2019s an example from SAP\u2019s Future of Commerce website: Customer consent requires the customer \u2013 each and every individual one \u2013 to physically consent to the collection and processing of their data.\u00a0 How to build customer loyalty by making data privacy a priority A solid data privacy platform is crucial to earning customer trust and loyalty. So why aren't more companies providing one? Indeed, SMS TCPA policies require something similar for text message marketing. Much like customer consent\u2019s requirement to not have a box pre-checked and to require physical consent, TCPA policies also require a physical agreement to be sent text messages, and that agreement cannot be pre-checked. Further, the language for the agreement must include information on how often a user will get sent messages, and how to unsubscribe and stop all messages.\u00a0GDPR is not alone, then, in this requirement for a more manual consent process. Organizations can choose to wait it out, but the necessity of a consent management platform is the writing on the GDPR wall. In like a lion: Data privacy roars to life as Google is hit with massive GDPR fine According to experts, data privacy is now crucial to businesses. The massive GDPR fine levied against Google seems to prove it. How to generate a GDPR compliant privacy policy and define legitimate interests Legitimate interest is more of a gray area within GDPR, and as a result, many marketers prefer it. Adding a requirement for a manual agreement for data collection adds friction to a website, and friction can severely reduce conversion. 
It is understandable that there may be resistance to implementing a consent management platform; however, in the end, it will be something that adds value for both consumers and companies. The Information Commissioner\u2019s Office (ICO), a UK-based independent authority that guides businesses on how to apply UK\u2019s data privacy laws such as the GDPR, has offered guidance for companies on how to generate a GDPR compliant privacy policy and interpret legitimate interest. ICO explains: The processing is not required by law but is of a clear benefit to you or others; There\u2019s a limited privacy impact on the individual; The individual should reasonably expect you to use their data in that way; and You cannot, or do not want to, give the individual full upfront control (ie consent) or bother them with disruptive consent requests when they are unlikely to object to the processing. This makes legitimate interest far more flexible than customer consent.\u00a0When to use consent v. legitimate interest: A handy legitimate interest assessment\u00a0Based on our breakdown of consent versus legitimate interest so far, you might be thinking that it\u2019s just easier to use legitimate interest in all cases. That\u2019s not necessarily true. In fact, the ICO has made it clear that you cannot use legitimate interest as the default collection method for your company.\u00a0Although legitimate interest is a flexible concept and will often be relevant, it does not apply to everything and you are not able to use it as the default basis for all your processing. This is why most websites ask for consent upon you landing on the site. A consent management platform makes that process seamless.\u00a0 How to win customer trust: 5 strategies to earn loyalty Customer trust is at the center of everything. Follow these five principles to understand, build, and maintain customer trust. So, when can you use legitimate interest? 
Luckily, the ICO offers a three-part test for determining if legitimate interest can apply for your project, website, etc. Purpose test \u2013 is there a legitimate interest behind the processing?\u00a0Under the purpose test, you need to ask yourself if the data collection is ethical, legal, and for the benefit of both your company and the consumer. And then, you need to clearly state the purpose behind wanting to process that data without consent (or under legitimate interest). Necessity test \u2013 is the processing necessary for that purpose?\u00a0Using the necessity test, you need to demonstrate that there is no other less invasive way to achieve your goal, and ensure that the processing is proportionate to achieving your aims. Balancing test \u2013 is the legitimate interest overridden by the individual\u2019s interests, rights, or freedoms?\u00a0Finally, under the balancing test, you need to ensure that processing the data doesn\u2019t infringe on the rights and freedoms of the individual.\u00a0All right \u2013 so, this three-part test isn\u2019t all that helpful. Let\u2019s look at a few examples instead.\u00a0Applying the three-part test: GDPR legitimate interest examples The following scenarios are offered by the ICO in their documentation to help companies better understand how to apply the three-part test and ultimately which data collection and information practices to use.\u00a0The charity case.\u00a0A charity wants to send fundraising material by post to individuals who have donated to them in the past but have not previously objected to receiving marketing material from them. The charity\u2019s purpose of direct marketing to seek funds to further its cause is a legitimate interest. The charity then looks at whether sending the mailing is necessary for its fundraising purpose. 
It decides that it is necessary to process contact details for this purpose and that the mailing is a proportionate way of approaching individuals for donations. The charity considers the balancing test and takes into account that the nature of the data being processed is names and addresses only and that it would be reasonable for these individuals to expect that they may receive marketing material by post given their previous relationship. The charity determines that the impact of a fundraising mailing on these individuals is likely to be minimal however it includes details in the mailing (and each subsequent one) about how individuals can opt-out of receiving postal marketing in the future. The business seminar case of GDPR.\u00a0Individuals attend a business seminar and the organizer collects business cards from some of the delegates. The organizer determines that they have a legitimate interest in networking and the growth of their business. They also decide that collecting delegate contact details from business cards is necessary for this purpose. Having considered purpose and necessity the organizer then assesses that the balance favors their processing as it is reasonable for delegates handing over business cards to expect that their business contact details will be processed, and the impact on them will be low. The organizer also ensures that it will provide delegates with privacy information including details of their right to object. The organizer subsequently collates the contact details of the delegates and adds them to their business contacts database. There are no legitimate interest loopholes: It\u2019s about ethical data practices On the fence about what to use? Start with the gold standard of consent. From there, expand into legitimate interest but always do your best to explain upfront what data will be collected and for what purposes. 
Finally, always allow recipients of marketing material to opt-out of a list of being sent information \u2013 even if that information is based on consent or legitimate interest. Begin to build toward a consent management platform by establishing how your company will treat consent and data as a practice. In other words, treat consumer data the way you\u2019d want yours treated. GDPR requires companies to simply think a bit harder about what data they are collecting, if they need to be, and how to do so in an ethical way.\u00a0Some companies are taking this standard to a new level and using ethical data collection and transparency as a marketing tactic in their own right. Let\u2019s look at Lush for instance. They have made Data Ethics a pillar of their company values.\u00a0\u201cNow more than ever people are aware of how critically valuable their personal data is. In its lightest form, it is the tweets you post, the photos you upload, the people you DM. In its darkest forms, it is a tracker on your identity, an algorithm deciding whether you should be on a kill list. It is our belief that Data Privacy is a fundamental human right. The ethical data policy is about ensuring that all of Lush\u2019s staff and customer data is secure and transparent. Our customers and staff have the right to know what we hold about them.\u201d As more and more countries, states and the like adopt GDPR-type standards, we are likely to see more and more companies adopting digital ethics best practices as internal values, and then using those as marketing fodder. This is the ideal goal of consumer data privacy and protection policies. Integrating a consent management platform is a transparent investment in respecting your customers.\u00a0 Crush revenue + growth targets. Power up your competitive edge. Win customers. It all begins HERE.\u00a0","description":"Understanding the nuance of customer consent and legitimate interest is key to GDPR compliance. 
Customer consent is considered the gold standard of data collection - with good reason. A consent management platform supports compliance.","dateModified":"2022-11-22","datePublished":"2021-04-27","about":["Customer Data Solutions","Customer Experience","Customer Engagement","https:\/\/en.wikipedia.org\/wiki\/General_Data_Protection_Regulation","Marketing","GDPR","https:\/\/www.wikidata.org\/wiki\/Q1172506","Customer Data","Data Privacy: Laws, Consumer Expectations"],"wordCount":1958,"name":"What is GDPR and how will it affect your business?","headline":"What is GDPR and how will it affect your business?","image":{"@type":"ImageObject","url":"https:\/\/www.the-future-of-commerce.com\/wp-content\/uploads\/2021\/04\/consentVinterest_1200x375.jpg","height":375,"width":1200,"@id":"https:\/\/www.the-future-of-commerce.com\/wp-content\/uploads\/2021\/04\/consentVinterest_1200x375.jpg"},"publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https:\/\/www.the-future-of-commerce.com\/wp-content\/themes\/hybris_foc\/assets\/images\/layout\/logo-foc-2x.svg","height":"96","width":"293","@id":"https:\/\/www.the-future-of-commerce.com\/wp-content\/themes\/hybris_foc\/assets\/images\/layout\/logo-foc-2x.svg"},"address":{"@type":"PostalAddress","name":"The Future of Commerce","addressCountry":"https:\/\/www.the-future-of-commerce.com\/#Country","addressLocality":"Newtown Square","addressRegion":"PA","postalCode":"19073","streetAddress":"3999 West Chester Pike","@id":"https:\/\/www.the-future-of-commerce.com\/#PostalAddress"},"url":"https:\/\/www.the-future-of-commerce.com\/","alternateName":"The Future of Commerce and Customer Engagement","additionalType":"news media","name":"The Future of Commerce","description":"News, information, and analysis on the future of commerce, including e-commerce, customer engagement, B2B, B2C, DTC, supply chain, sustainability, and 
purpose.","sameAs":["https:\/\/www.linkedin.com\/groups\/4844282","https:\/\/podcasts.apple.com\/us\/podcast\/a-call-for-a-better-experience\/id1479742201","https:\/\/twitter.com\/FutureOfCEC","https:\/\/www.the-future-of-commerce.com\/feed\/"],"contactPoint":"https:\/\/www.the-future-of-commerce.com\/#ContactPoint","legalName":"The Future of Commerce","parentOrganization":"https:\/\/www.sap.com\/index.html#Organization","numberOfEmployees":"https:\/\/www.the-future-of-commerce.com\/#QuantitativeValue","@id":"https:\/\/www.the-future-of-commerce.com\/"},"author":{"@type":"Person","image":{"@type":"ImageObject","url":"https:\/\/secure.gravatar.com\/avatar\/b06d48fbe4745687be64a6d89f2d47bd?s=96&d=mm&r=g","height":96,"width":96,"@id":"https:\/\/secure.gravatar.com\/avatar\/b06d48fbe4745687be64a6d89f2d47bd?s=96&d=mm&r=g"},"url":"https:\/\/www.the-future-of-commerce.com\/contributor\/tracey-wallace\/","name":"Tracey Wallace","@id":"https:\/\/www.the-future-of-commerce.com\/contributor\/tracey-wallace\/#Person"},"subjectOf":{"@type":"FAQPage","name":"GDPR: General Data Protection Regulation","about":[{"@type":"Thing","name":"GDPR","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Thing"},{"@type":"Thing","name":"General Data Protection Regulation","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Thing1"},"https:\/\/www.wikidata.org\/wiki\/Q1172506","https:\/\/en.wikipedia.org\/wiki\/General_Data_Protection_Regulation"],"mainEntity":[{"@type":"Question","name":"What is GDPR?","acceptedAnswer":{"@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Answer1"},"@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Question1"},{"@type":"Question","name":"what is 
GDPR Definition","acceptedAnswer":{"@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Answer2"},"@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Question2"},{"@type":"Question","name":"What is the impact of General Data Protection Regulation (GDPR) for online businesses","acceptedAnswer":{"@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Answer3"},"@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#Question3"}],"abstract":"Looking at GDPR and how a consent management platform can affect your business is something we should all be doing. The battleground around customer consent versus legitimate interest is a fierce one. When the UK passed its GDPR standard for how companies can collect and process consumer data, it sent shockwaves throughout the world. Yet, it was only the first such standard. Canada has since issued its own standard, as has the state of California. 
","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#FAQPage"},"@id":"https:\/\/www.the-future-of-commerce.com\/2021\/04\/27\/gdpr-definition-general-data-protection-regulation-affect-business\/#BlogPosting"}]]