The affects of GDPR on North American companies

By Pouyan Broukhim

Personal data is the ‘world’s most valuable resource’, rated more precious than that of oil. Data is collected at an astonishing rate and, as such, is highly regarded by companies around the world. Something as simple as posting a photo is recorded to your digital footprint, allowing businesses to target your needs with hyper-personalised ads. However, as digital slowly starts to dominate lives and industries, consumers are becoming suspicious.

According to the 2017 Data Threat Report, 70% of consumers believe their data has been made accessible for the use of cybercriminals, among other concerns. As such, the UK is enforcing the GDPR on May 25th 2018. The GDPR, or General Data Protection Regulation, is legislation to safeguard your consumer's data. However, this not only affects European companies, but international corporations too. For any business collecting data from their European consumers, you must comply. Washington Direct Mail, a UK mailing house, are looking into the importance of data collection, and what the GDPR will spell for your U.S/Canadian company.

How will the GDPR affect my business?

The GDPR will bring about some serious changes in data privacy. If you happen to be based in the U.S or Canada, but handle data on EU consumers, you will be affected. However, there are two critical points to note. Firstly, if the EU consumer (or subject) is not in the EU when you collect your data, the GDPR does not apply. Secondly, your prospects do not need to purchase from your site for the GDPR to apply to your business. Even if you happen to be collecting data as part of a marketing survey, those EU consumers are protected under the terms of the GDPR. To get to the basics: if you are hosting a ‘generic survey’ without directly targeting EU consumers, but a prospect from Britain fills out the survey - they are not covered under the GDPR. However, if your study mentions references to EU users, then the law will kick-in, and you must follow the privacy legislation. If not, it could spell big trouble for your business.

See also:

What are the fines?

Any U.S or Canadian business with a market in the EU must be aware of these changes. You can implement changes through building privacy settings into your website, improving communication with your audience and asking permission for data. The privacy legislation is legally binding. Therefore, you could face a hefty fine if you ignore. The fines can reach upwards of €20 million, or 4% of your global turnover.

What are the primary regulations?

As we get closer to the data, you should already be looking into how to implement changes to your product if necessary. However, we have outlined the main points of the GDPR for all companies, whether in the EU, U.S or Canada.


This is a hot point of topic in the media. The GDPR requires explicit consent from your consumers, for the use of their data. You must always ask to use their data and show complete transparency as to why, where and how you will collect. Ensure the personal data is collected with a specific purpose. You must update your mailing list or database to make sure you are not reaching out to those who do not wish to be contacted, and have said so - bringing us to our next point.

‘The Right to be Forgotten’

This regulation is exactly what you would expect. All consumers have the right to be removed from your database and, subsequently, forgotten. If they ‘opt-out’ from your data collection, you must remove any personal information immediately.

Control of data

The primary takeaway from the GDPR is that control of data is back in the hands of your users. It does make it more difficult to obtain, but it can also work well in terms of marketing. Those consumers left in your database are those that have expressed interest in your products, putting your brand in front of the right people.


Clear, accurate data is vital for your business during the GDPR. Without the right data, you cannot target the correct prospects - rendering your existing data useless. You must keep accurate data at all times and store it no longer than necessary. When collecting your personal information, you are also required to provide an audit trail for the collection and use.

How does the GDPR benefit my company?

The GDPR certainly doesn’t spell doom and gloom - quite far from it. While the media likes to portray the GDPR as the death knell for marketing, you can use it to your advantage. Effectively, the GDPR allows you to build trust and, subsequently, revenue. By sharing why and how you are collecting data and ensuring full transparency, you are creating a relationship with your consumer and improving engagement.

We touched on this point above, but the legislation specifically targets those interested in your services. If a prospect doesn’t want to share data, they will say so. However, those who would like to learn more will provide consent, so you are halfway there to encouraging them to buy your products.

Ultimately, the GDPR does mean large changes for personal data, but it can benefit your business in the long-term. However, you must comply with the rules.

Article contributed by Washington Direct Mail.


Featured Articles

Amelia DeLuca, CSO at Delta Air Lines on Female Leadership

Driving decarbonisation at Delta Air Lines, Chief Sustainability Officer Amelia DeLuca discusses the rise of the CSO and value of more women in leadership

Liz Elting – Driving Equality & Building Billion-$ Business

Founder and CEO Liz Elting Turned Her Passion into Purpose and Created a Billion-Dollar Business While Fighting for Workplace Equality – and Winning

JPMorgan Chase: Committed to supporting the next generation

JPMorgan has unveiled a host of new and expanded philanthropic activities totalling US$3.5 million to support the development of apprenticeship programmes

How efficient digital ecosystems became business critical

Technology & AI

Mastercard: Supporting clients at a time of rapid evolution

Digital Strategy

Why Ceridian has boldly rebranded to Dayforce

Human Capital