GDPR Compliance for the Furniture Industry

June 8, 2018
GDPR Compliance for the Furniture Industry

GDPR_For_Furniture On May 25th, 2018 the European Union’s General data protection regulation (GDPR) took effect. You may be asking yourself, what does that have to do with me? I’m a furniture manufacturer located in the United States. How can an EU law affect my business?

You’re not alone. In a recent survey conducted by Sage, 91% of American businesses lacked awareness surrounding details of the GDPR. 84% of those surveyed don’t understand the implications for their specific businesses.

 


But how does a law in the EU affect my American business? The regulations are written so that anyone who wants to do business with any EU member states or individuals requires those businesses to be compliant with the GDPR.  

For furniture manufacturers, this means that your European based designers, customers, or suppliers make GDPR affect your business. The question you need to ask yourself now is what does noncompliance actually look like?

Let’s take a look at two furniture companies and how GDPR may affect them:

Okay Furniture Co is sending emails out to their database, which is maintained in an internal database on a company server or a series of spreadsheets. In the past, Okay Furniture Co. has purchased lists as well as attained customer data from other marketing practices like trade-shows and inbound website activities. When they send out their latest email campaign, it goes to an EU citizen who reports the organization to the supervising authority. There is an audit of Okay Furniture Co. and it is found that the organization’s database or data management practices do not allow prospects to be permanently removed, exported, or transferred. Their website also does not display a cookie consent notification in simple language and they have not updated their privacy policy to include data collection practices.

 

Since Okay Furniture Co is not compliant with GDPR, depending on its size could face penalties as large as 20 million euros (around $24 million USD) OR 4 percent of their annual global turnover – whichever amount is higher! Due to the heavy fines Okay Furniture Co. might have to shut down due to the fines!


GDPR can be that serious for organizations of any size, from single entrepreneurs to the largest of organizations. Luckily GDPR doesn’t have to be a terrifying thing. In fact, at Stratagon we see it as a great opportunity! Furniture companies simply need to know what to look out for and how GDPR compliance actually helps their business.

A_Tale_Of_Two_Furniture_Companies_GDPR_2

Here are the hotspot areas for you look out for:

  • Know Your Data Subject’s Rights: Under GDPR, data subjects (your prospects and customers) are subjected to rights related to their data processing (data processing is any collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consideration, use, disclosure by transmission dissemination, erasure, or destruction of personal data). Data subjects have the ability to: 
    • Withdrawal Consent: At any time, a data subject should be able to withdrawal consent for data processing as easily as they have provided it. This means that users can simply unsubscribe from all of your distribution channels.
    • Request Data Portability: Data subjects can request to receive personal data they have provided to a controller (organization who controls data) in a structured, commonly used and machine-readable format. It also gives them the right to request that a controller transmits this data directly to another controller.
    • Request Access: Data subjects must be able to receive confirmation that their data is being processed and have access to the personal data records being maintained on them. Individuals can make a subject access request verbally or in writing. Data controllers have one month to respond to a request and cannot charge a fee to deal with a request in most circumstances.
    • The Right to be Forgotten: Data subjects can request for ALL of their data to be removed and all data processing to stop. Often times CRM or CMS software will not permanently delete the data, so be sure your system has a GDPR compliant data deletion setup.
  • Understand Cookie Consent: Under GDPR, data subjects need to be given notice that cookies (small pieces of code that track users around your page) are being used on your website. This statement must be made in language that users understand and can explicitly opt into.
  • Attain Lawful Basis: Lawful basis means that you need to have a legal reason and permission to use someone’s data. This can be broken down into two broad categories:
    • Lawful processing: Lawful processing is the legally given authority to store a data subject’s information with their consent. Consent can be an explicit newsletter opt in, data processing to meet contractual obligations such as sending a quoting, or processing for interests pursued by resellers.
    • Lawful Communication: Lawful communication is the actual communications you have with data subjects after they give the consent for lawful processing. This is your direct email marketing tactics and information. As long as you observe the data subject’s rights, your communication will be able to be considered “lawful communication”

 

So with all of that regulation, confusing terminology, and requirements you may be asking yourself “how do I come up with a good GDPR strategy for my business?” It’s actually pretty easy:

Step 1 – Analyze your existing databases

A_Tale_Of_Two_Furniture_Companies_GDPR_1

Leaders in the furniture industry need to determine what personal data they’re holding onto and if they can prove that they have a legal basis for data processing. That basis can be proven through contractual obligation or acquired consent.

Step 2 – Assess your practices

Can you continue with your current outbound or inbound marketing practices? Do you purchase lists or attain emails through non-consensual practices? Do you have processes in place to be able to respond to data subject requests? Are you following customer first, content driven, inbound marketing practices?

Step 3 – Investigate better customer first solutions

Can you replace or supplement outbound or traditional practices with an inbound first strategy? Are you keeping customer data stored in excel rather than inside of a CRM? Is your CRM GDPR compliance ready? Do you have a cookie policy on your website?

  

Now that we know a little more about the GDPR, it’s time to look at our second furniture company, called Great Furniture Co. They are in much better shape to handle GDPR compliance.

Great Furniture Co. has been utilizing the HubSpot email automation, website hosting and CRM platform for a few years now. This allows them to have historical information that is easy to remove, delete, export, and manipulate, all within GDPR compliance. They have switched from relying solely on traditional outbound practices, such as trade shows and magazine ads, to a more balanced approach, which includes inbound marketing practices. They have also completely eliminated list purchases and opted for a true user opt-in inbound practice. Once GDPR went into affect, they only have had to update their website cookie policy and their privacy policy to better inform their visitors of their rights on their website.

The information customers receive is relevant, useful, and most importantly unobtrusive. Their sales have increased, and customer retention is up. Great Furniture Co. has taken GDPR, which many views as a hindrance, and have leveraged it as a move to delight their suppliers, designers, and customers throughout their global marketplace.

 

 GDPR and data compliance doesn’t have to be another obstacle in marketing. Many successful organizations are using GDPR to move to a more customer-focused inbound strategy that yields great results for not only your European based, but global designers, customers, or suppliers. With preparation and planning, furniture manufacturers can keep customer data privacy at the top of mind while continuing to delight partners. 

 

GDPR_Checklist

 

** DISCLAIMER: Your own legal counsel will give you the best compliance advice for your specific situation. Every circumstance is different. Ultimately, it's up to you and your team to determine what compliance looks like for your business.

 

Resources and Sources: 

Author Bio

Kelly's passion for marketing shows in everything he does professionally and personally. His passion for creating beautiful and creative marketing extends beyond Stratagon with his personal musical work as a drummer all over the triad.