Additionally, paste this code immediately after the opening tag:
January 10, 2023
4 mins 35 secs
Isaac Bullen

How 3 Non-EU Organisations Are Dealing with the GDPR

The 25th of May 2018 was a big day for the internet. Most end users probably just noticed an increase in inbox traffic and pop-ups, with requests to opt-in or accept  new cookies.

But for those with a little more skin in the game, the implementation of the European Union’s General Data Protection Regulation (GDPR), over two years in the making, was a far more serious affair. It saw sweeping reforms on EU data protection and privacy rights being instituted overnight, with the online businesses and organisations who managed this data being held immediately accountable for non-compliance.

To GDPR or not to GDPR

While the rules for organisations within the EU were relatively cut-and-dried (as much as they can be with such broad and pioneering legislation), the platform on which they were to be applied – the internet – is essentially borderless. Non-EU organisations were put in an awkward situation – while their businesses were based outside of the union, many of their business interests, including customers, were not.

In such cases, where do the responsibilities for GDPR compliance lie? And what might these responsibilities look like? To find out, we spoke to three people who have been tasked with working out exactly that – those within global, internet-reliant businesses based outside of EU borders.

Tim Kremer is co-founder of Avaza, a project management and accounting software as a service (SaaS) provider founded in Australia. Alf is the elusive founder of The Moon Unit, a New Zealand-based creative services provider that specialises in sculpting pitches and marketing materials for many of the world’s leading brands. And Caroline Carver is principal consultant at TwoBlackLabs, another New Zealand-based operation, but one focused on data privacy and protection consultancy which has quickly built a reputation as the authority on non-EU GDPR compliance.

So, first question’s first.

How has the GDPR affected you as an Australian/New Zealand business?

The waters were particularly muddy for SaaS organisations like Avaza. SaaS providers simply host applications for customers and have limited contact with the end user’s actual data, so where do GDPR responsibilities lie?

“We initially found the GDPR very confusing,” admits Kremer. “There’s a lot of fear, uncertainty and doubt spread online about it, which is to be expected given its complexity and lack of clear direction in many practical implementation areas.” To cut through the noise, Avaza went all in. They committed serious resources to studying the legislation in its original form, then compared their notes with others online.

A lot of time and money was spent on the process, but the results were worth the effort. The company’s European customers, it turned out, were just as confused as the rest of the world. Myths and untruths were everywhere, but happily the company’s commitment to compliance saw them navigate the change better than most.

TwoBlackLabs found that the New Zealand Privacy Act had a surprising amount of overlap with the GDPR. “When completing reviews of GDPR compliance, we identified that many customers are also non-compliant with the NZ Privacy Act,” notes Carver. So the organisation simply applied the GDPR across the board. “By addressing the requirements of GDPR, [our customer’s] overall compliance with the NZ Privacy Act has also improved.”

What changes have you made within your business in response to the GDPR?

But not all GDPR stories are good news. As creatives, the legislation has complicated matters at The Moon Unit. “It’s reduced the amount of people we can talk to and meaningfully engage with,” says Alf. “We’ve stopped EDM marketing to the UK and Europe. We’ve started to connect with people on LinkedIn and social media channels as a way to mitigate this, but it’s not really a viable alternative.”

Avaza’s commitment to compliance is writ large again in the changes that they have put in place. “We formalised our documentation and processes for relevant GDPR policy areas, established an in-house expert, conducted an audit of our own data practices and those of our suppliers, made changes in our software, and published information for our customers.” As a truly global SaaS business, Kremer know that no stone could remain unturned. “I think it’s still very open to interpretation. Time will tell the real impact on businesses as the legislation is tested and businesses come under increasing scrutiny.”

As GDPR consultants, Black Labs have seen the full gamut of reactions to the legislation. “Some clients have made changes to ensure they are not in scope of GDPR, while others have had to embark on large programs to understand their business,” Carver explains. “The largest area of change I have seen is in identifying and rationalising third parties, as the GDPR requires a company to guarantee the compliance of all third parties who process personal information. This has resulted in some companies changing third party providers to ones that can offer compliant services.”

How do you personally feel about the GDPR?

But legislation, compliance and bureaucracy aside, how do our Australian and New Zealand organisations feel about the GDPR – good, bad or indifferent? The reception, from our small sample size at least, has been mixed.

“While it’s great to have your personal data safeguarded as a consumer/individual, it also shuts down avenues for many businesses,” instructs Alf. ”It’s hurt our bottom line. Companies that send out useful content marketing – as opposed to spamming out ‘we did this, we did that’ newsletters that no one wants to know about – have been hit hard.”

Kremer of Avaza somewhat echoes Alf’s sentiments. ““I think that data privacy is extremely important, and having this conversation in the media and in government is a valuable exercise. I do however feel that such vague and ominous legislation, and a lack of understanding of technology amongst legislative and legal bodies, may have more of a negative impact on businesses than a positive impact on consumers.”

As a GDPR consultant, Carver of TwoBlackLabs finds herself on the total opposite side of the coin. “I think the GDPR is positive. It is starting to be adopted by other jurisdictions as the baseline for privacy, in California for example, and it is anticipated others will follow suit and it will become the minimum standard over time. Anything that focuses on customer rights and protection must be a positive move for all.”

Who is right? Only time will tell. But one thing is clear – the tentacles of the GDPR have stretched farther than many organisations are willing to admit, so no matter whether you find yourself within the borders of the EU or outside of it, ensuring that you’re aware of your responsibilities is a must.

Author Isaac Bullen

Other posts

Mastering Google Ads for SaaS Success: A Comprehensive Guide
April 12, 2022
5 mins 25 secs

Mastering Google Ads for SaaS Success: A Comprehensive Guide

Harnessing the power of Google Ads can help your Software as a Service (SaaS) company experience outstanding success in the dynamic world of digital marketing. As a highly proficient SEO and copywriter, we are here to guide you through the intricate nuances of Google Ads, equipping you with the knowledge and strategies needed to outrank your competitors and seize the attention of your target audience. So, buckle up and get ready to embark on a journey towards unparalleled success in the realm of Google Ads for SaaS!

Read more
Beginner's SEO Guide: Mastering the Basics
April 5, 2023
2min 45 secs

Beginner's SEO Guide: Mastering the Basics

Do you have trouble turning website visitors into paying customers? Do you want to boost your website's conversion rates and user experience? If this is the case, A/B testing might be the answer you've been waiting for. We'll provide you an introduction to A/B testing for conversion optimisation in this article.

Read more
Unlocking 8 Powerful Secrets: How to Positively Transform Prospects into Loyal Travel Enthusiasts
October 4, 2022
6 mins 30 secs

Unlocking 8 Powerful Secrets: How to Positively Transform Prospects into Loyal Travel Enthusiasts

In the vast domain of travel and tourism, it's not just about offering trips, but crafting unforgettable journeys. The article suggests that the essence of attracting travellers lies in humanising travel experiences, focusing on personal tales such as the local grandmother's pasta in Venice or a transformative hike in Nepal. Authenticity is paramount, with a push towards highlighting the lesser-known treasures and using platforms like Instagram and TikTok for candid showcases. It underscores the importance of personalising travel offerings using data analytics and AI, ensuring every trip feels tailored. A responsible brand ethos encompassing sustainability, eco-friendly practices, and community upliftment is highlighted as a modern necessity. The blend of technological convenience with the irreplaceable warmth of human touch in customer interactions is emphasised. Agencies are encouraged to empower travellers through webinars, blogs, and podcasts, fostering trust. The article also touches upon leveraging the Fear Of Missing Out (FOMO) to spotlight exclusive experiences and the importance of cultivating a sense of community among travellers. In wrapping up, the piece reiterates the significance of a genuine, human-centric approach, with the belief that it's about creating memories one journey at a time.

Read more
more posts
Stay in the loop:
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
socials

Copyright ©3WH Limited
All rights reserved.

pages
Blog
Case Studies
Testimonials
Contact Us
Privacy Policy
Disclaimer
AdDress
Gemma House 39 Lilestone street London, England, NW8 8SS
phone
0204 100 22 44
Email
hello@3wh.com