GDPR Compliance for the Furniture Industry
On May 25th, 2018, the European Union’s General Data Protection Regulation (GDPR) took effect. You may be asking yourself, “What does that have to do with me? I’m a furniture manufacturer located in the United States. How can an EU law affect my business?”
You’re not alone. In a recent survey conducted by Sage, 91% of American businesses lacked awareness surrounding details of the GDPR. 84% of those surveyed don’t understand the implications for their specific businesses.
But how does a law in the EU affect my American business? The regulation is written so that any business that wants to do business with EU member states or individuals must be compliant with the GDPR.
For furniture manufacturers, this means that your European-based designers, customers, or suppliers are what make GDPR affect your business. The question you need to ask yourself now is: what does noncompliance actually look like?
Let’s take a look at two furniture companies and how GDPR may affect them:
Since Okay Furniture Co. is not compliant with GDPR, it could, depending on its size, face penalties as large as 20 million euros (around $24 million USD) OR 4 percent of its annual global turnover, whichever amount is higher! Okay Furniture Co. might have to shut down due to the heavy fines!
GDPR can be that serious for organizations of any size, from single entrepreneurs to the largest of organizations. Luckily GDPR doesn’t have to be a terrifying thing. In fact, at Stratagon we see it as a great opportunity! Furniture companies simply need to know what to look out for and how GDPR compliance actually helps their business.
Here are the hotspot areas for you to look out for:
- Know Your Data Subject’s Rights: Under GDPR, data subjects (your prospects and customers) have rights related to the processing of their data (data processing is any collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consideration, use, disclosure by transmission, dissemination, erasure, or destruction of personal data). Data subjects have the ability to:
  - Withdraw Consent: At any time, a data subject should be able to withdraw consent for data processing as easily as they provided it. This means that users can simply unsubscribe from all of your distribution channels.
  - Request Data Portability: Data subjects can request to receive personal data they have provided to a controller (the organization that controls the data) in a structured, commonly used, and machine-readable format. It also gives them the right to request that a controller transmit this data directly to another controller.
  - Request Access: Data subjects must be able to receive confirmation that their data is being processed and have access to the personal data records being maintained on them. Individuals can make a subject access request verbally or in writing. Data controllers have one month to respond to a request and cannot charge a fee to deal with a request in most circumstances.
  - The Right to be Forgotten: Data subjects can request that ALL of their data be removed and all data processing stop. Oftentimes CRM or CMS software will not permanently delete the data, so be sure your system has a GDPR-compliant data deletion setup.
- Understand Cookie Consent: Under GDPR, data subjects need to be given notice that cookies (small pieces of code that track users around your page) are being used on your website. This notice must be written in language that users understand, and users must be able to explicitly opt in.
- Attain Lawful Basis: Lawful basis means that you need to have a legal reason and permission to use someone’s data. This can be broken down into two broad categories:
  - Lawful Processing: Lawful processing is the legally given authority to store a data subject’s information with their consent. Consent can be an explicit newsletter opt-in, data processing to meet contractual obligations such as sending a quote, or processing for interests pursued by resellers.
  - Lawful Communication: Lawful communication is the actual communication you have with data subjects after they give consent for lawful processing. This covers your direct email marketing tactics and information. As long as you observe the data subject’s rights, your communication can be considered “lawful communication.”
So with all of that regulation, confusing terminology, and requirements you may be asking yourself “how do I come up with a good GDPR strategy for my business?” It’s actually pretty easy:
Step 1 – Analyze your existing databases
Leaders in the furniture industry need to determine what personal data they’re holding onto and if they can prove that they have a legal basis for data processing. That basis can be proven through contractual obligation or acquired consent.
Step 2 – Assess your practices
Can you continue with your current outbound or inbound marketing practices? Do you purchase lists or obtain emails through non-consensual practices? Do you have processes in place to be able to respond to data subject requests? Are you following customer-first, content-driven, inbound marketing practices?
Step 3 – Investigate better customer-first solutions
Now that we know a little more about the GDPR, it’s time to look at our second furniture company, called Great Furniture Co. They are in much better shape to handle GDPR compliance.
The information customers receive is relevant, useful, and most importantly unobtrusive. Their sales have increased, and customer retention is up. Great Furniture Co. has taken GDPR, which many view as a hindrance, and has leveraged it as a move to delight its suppliers, designers, and customers throughout its global marketplace.
GDPR and data compliance don’t have to be another obstacle in marketing. Many successful organizations are using GDPR to move to a more customer-focused inbound strategy that yields great results not only for your European-based designers, customers, or suppliers, but for your global ones as well. With preparation and planning, furniture manufacturers can keep customer data privacy top of mind while continuing to delight partners.
** DISCLAIMER: Your own legal counsel will give you the best compliance advice for your specific situation. Every circumstance is different. Ultimately, it's up to you and your team to determine what compliance looks like for your business.