Your personal data is your identity––as unique to you as your fingerprints. However, many of us may not be aware of how our data is being used online. International Data Privacy Day, which took place this week on January 28, is an excellent time to put in place practices, both personally and professionally, to protect your personal information. This global campaign is especially relevant at MDR, a division of Dun & Bradstreet, where data privacy is essential to our business and brand. We’ve woven privacy into the fabric of our company to ensure our clients think of us as a reliable data steward and trusted business partner.
So, in celebration of Data Privacy Day, here’s a refresher of terms related to data, a reminder of GDPR and its impact on doing business in the U.S., and an update on the latest data governance policies in the U.S. and elsewhere.
Personal data refers to any information relating to an identifiable living person. It may be private or professional, and includes name, age, address, and phone number, but also relates to the digital imprint––cookies, IP address––that can be linked to them.
Data privacy refers to the protection of personal information when collecting, using, securing, sharing with third parties, and transferring across geographic borders. MDR collects professional and business contact data that is considered personal information under many regulatory schemes.
It’s these two concepts––personal data and data privacy––that make up recent regulations. Many companies are figuring out how to comply with these regulations while still trying to market and sell their product in a strategic way.
What is GDPR?
In May 2018, the General Data Protection Regulation (GDPR) went into effect in Europe. GDPR is a set of “digital rights” for European Union (EU) citizens in this age of the increasing economic value of personal data, coupled with concerns around data privacy. It’s important to note that GDPR applies to the personal data of EU citizens only, including their names, contact information, email addresses, pictures, IP addresses, etc. GDPR mandates explicit and purposeful consent for storing and processing this personal data.
Many best practices are not just a GDPR concept––they’re good common-sense ways to handle privacy. Further, as more countries and states implement such regulations, compliance will be necessary. Where possible, you should begin to adopt some of these best practices into your marketing strategy.
Here are some factors you should pay attention to now:
- In the U.S., we are preparing for the implementation of the California Consumer Privacy Act (see below) and watching a flurry of federal legislative activity and hearings on personal data privacy.
- With the unpredictability surrounding Brexit as the deadline approaches, companies should prepare for multiple contingencies.
- Recent guidance on Canada’s Anti-Spam Law (CASL) surrounding the regulation of commercial electronic messages.
- In China, a major change in law was implemented with the passage of the Cybersecurity Law (effective June 1, 2017, but some measures are still in draft form and may be completed in 2019). Also, the Personal Information Security Specification came into effect on May 1, 2018, offering standards for handling of personal information in China.
What is the CCPA?
The California Consumer Privacy Act (CCPA) was passed by the California legislature in June 2018. The CCPA affords California residents an array of new rights, starting with the right to be informed about what kinds of personal data companies have collected and why. While there are natural comparisons between CCPA and GDPR, there are significant differences between the two laws regarding the nature of the rights created. For example, the CCPA has added the right to “Opt-out of a Sale” and the CCPA’s definition of “publicly available” data is far narrower than that of the GDPR, including only information lawfully made available from federal, state, or local government records and used for the same purpose.
While the CCPA pertains only to residents of the state of California, it may have a national and international impact. Initially scheduled to go into effect on January 1, 2020, the law was amended to delay enforcement until the earlier of July 1, 2020, or six months after the issuance of the final regulations from the Attorney General of California. This gap is intended to give all companies covered by the law an opportunity to implement an internal compliance program.
How does MDR ensure data privacy and GDPR compliance?
As a division of Dun & Bradstreet, MDR has access to large legal and data compliance teams who have been working for years to ensure that our products and services protect data privacy and comply with privacy regulations. To that end, we:
- Do not process data in a manner that is incompatible with the purpose for which it was collected
- Take steps to ensure our data is accurate and up to date
- Store it only for as long as necessary
- Ensure we have appropriate technical and organizational measures in place to keep data secure
You can continue to use MDR data products with the assurance that they are GDPR and CCPA compliant.
Data privacy is a complex issue. Given our increasingly digital world, MDR believes that recent data privacy regulations, both governmental and corporate, are positive, progressive moves forward. Again, although some of these regulations won’t affect every business, adopting them is good practice. You can confidently turn to MDR as a trusted partner to help you navigate these efforts.