With the General Data Protection Regulation (GDPR) coming into effect in just 6 weeks, are the days of growth at any cost coming to an end?
The law is designed to safeguard data privacy for EU citizens, and applies to any business with EU users or customers, regardless of whether the business is based in the European Union or not. The penalty for non-compliance is “up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher.”
After doing a lot of research and interviewing leaders managing GDPR compliance at top companies we’ve come to this conclusion:
If you’re in growth, and not preparing for GDPR, you should be.
Currently, many growth teams are violating the General Data Protection Regulation in multiple ways. And though it was approved by the European Parliament in April, 2016, they’re unprepared to comply when it comes into effect on May 25, 2018.
Does this apply to your team?
It does if you’re:
- Tracking user behavior on your website or in your app for marketing and personalization
- Collecting email addresses and other personally identifiable information (PII) for email marketing
- Testing strategies to resurrect churned users
If you’re doing any of these things without explicit consent (defined below) from users, then it’s time to make some changes to your growth practices.
In this post, we’ll talk about what you need to know to comply with GDPR across the 3 common growth activities mentioned above.