Data protection and your landscape company

Photo illustration: iStock.com/cnythzl

For those old enough to remember Y2K, and the worry that came along with it, the recent buzz around the General Data Protection Regulation Act (GDPR) and Facebook’s Cambridge Analytica scandal may have you feeling a bit of déjà vu. While we made it through 2000 without our computers coming alive and terminating us, the recent changes to the GDPR—and data protection in general—can hurt our companies if ignored.

Data security in the Cambridge Analytica era

With the recent scandals that have rocked Facebook to its core, data security has become a hot topic as consumers and governments look to protect individuals. For the most part, the internet has been considered the “Wild West,” a harsh frontier with few rules and reckless companies running rampant.

Protecting consumers’ personal data has become increasingly complicated over the past several years with platforms developing different methods to collect consumer data. Some platforms such as Facebook have even allowed third-party applications to collect data on consumers, as well as people they’re connected to. In 2018, data collection has become big business, with “data mining” firms making a fortune collecting your behaviors, interests and other information to sell to marketers on the internet.

The GDPR: Europe’s answer to data protection

The GDPR is a European Union law protecting people from companies collecting and misusing their data. Even though the GDPR is a European law, all companies worldwide that handle the data of European Union consumers must adhere to its strict rules and regulations. These include but are not limited to:

• Deleting consumer data when an individual no longer wants a given company to have it;
• Prohibiting third-party companies and applications from handling a company’s consumer data; and
• Notifying website users if tracking “cookies” are being used and giving them an option to prevent this.

Why your (U.S.) business should be concerned about the GDPR

The GDPR was enacted in Europe, but it won’t be long before similar laws are passed in the U.S. Data protection is a matter every company with a website or social presence should be concerned about. Here are three ways your green industry company can protect itself and the data of your customers:

• Review and update your security measures and policy. Disclaimer: I am not a lawyer. It’s important that you review your company’s data security policy and procedures with a lawyer, making sure that the way you store your consumers’ data is compliant with current laws. Every time you collect information from consumers—whether it’s an email or credit card number—you put your business at risk if this information is misused or stolen. Furthermore, if you are planning to run digital ads, a privacy policy is a must for several platforms before you can even start.
• Make your website and emails “permission based” and transparent. Collecting data in forms on your website and sending email campaign blasts may not seem like a big deal. However, under the GDPR, consent needs to be explicit, clear and specific. In a sense, your forms and emails need to be permission based, letting consumers know exactly how you intend to use their data and whether you plan to send them emails for advertising purposes.
• Update your privacy and data policy online, allowing consumers to see it.
  A privacy policy should be a staple of every website, and updating an older policy to account for the GDPR is a must. A quick Google search will show hundreds of results for free templates, but each privacy policy should be reviewed with an attorney and customized to your specific needs. Work with your staff to ensure they understand how to properly store consumer data, as well as how to properly remove it if asked by a customer.

Featured photo illustration: iStock.com/cnythzl