What GDPR Means to Marine Industry Businesses
Contributed by Boats Group
In recent months, you’ve probably received communication from some of your favorite websites or entertainment apps such as Netflix, Twitter, Facebook, Amazon Prime or Verizon. These communications have been prompted by the General Data Protection Regulation (GDPR). Many businesses in the U.S. assume that GDPR doesn't apply to them since it's a European-based regulation.
The media has covered GDPR extensively in recent months - from Forbes' recent article, US Businesses Cannot Hide from GDPR, to additional coverage on CNN and multiple technology media outlets - but the marine industry media has not published much information about GDPR. So it’s no wonder that brokers, dealers and OEMs have questions about GDPR!
We’ve summarized the highlights below to help make it easier to understand what GDPR is and what it means for our industry.
What is GDPR?
The European Union’s General Data Protection Regulation (GDPR) represents the most significant change in data protection law since the inception of the Internet. GDPR takes into account how differently information has been collected and stored since the rise of the digital economy, which rendered the previous legislation, the Data Protection Directive of 1995, obsolete. GDPR was passed in 2016, with enforcement beginning May 25th, 2018.
Who is subject to GDPR compliance?
The GDPR’s scope is significant as it covers companies and organizations that utilize or store personal information of European citizens globally, natural persons in the EU or companies operating in the EU; therefore, its remit includes most organizations anywhere in the world. A company is subject to GDPR compliance if it:
- Has a presence in any European Union member country
  Presence can be as simple as having a website that can be viewed in that country.
- Has customers or clients based in any member country of the EU
  Customers or clients are people that are buying something from you or are interested in buying a product or service.
- Works with suppliers based in any member state of the EU
  Any parts, services or contractors that are based in Europe count.
- Conducts marketing efforts in any member state of the EU
  Emails, display ads or promotions that are delivered to EU citizens can be considered as “marketing efforts.”
- Has employees, investors, or customers who have citizenship (even dual citizenship) of any member state of the EU
  The US is a nation of diversity with residents and citizens from all over the globe. It’s estimated that anywhere between 1 and 8 million Americans have dual citizenship.
How does this affect the boating industry?
The boating industry is a global marketplace. Your customers and prospects are citizens of various countries throughout the world - even if they reside in the U.S. If your customers and prospects visit Europe, they are protected by GDPR while there.
When your business has any communications or transactions with customers via phone, email, social media or website, it is highly likely that your business stores their personal information or data in some way. And the storage of personal information is what GDPR was designed to protect.
What is considered personal data?
According to the GDPR directive, personal data is any information related to a person such as a name, a photo, an email address, bank details, updates on social networking websites, location details, or a computer IP address.
What are the consequences of non-compliance?
The most serious penalties include fines of €20 million or 4% of global turnover, whichever is greater.
What does GDPR-compliant mean?
The GDPR requires organizations to implement reasonable data protection measures to protect the personal data of consumers and employees against data loss or exposure. To achieve that goal, the law regulates all areas related to data management and processing, from obtaining user consent to setting up company-wide data protection practices and handling data breach incidents.
My business doesn’t sell boats outside of the U.S., so how does this impact me?
The impact of GDPR is far-reaching, regardless of whether you are located or do business in the EU or US. It’s important that you educate yourself about GDPR and consult legal counsel if you think it is necessary.
While experts are still learning the details about how GDPR will be enforced, technology experts in both the U.S. and in Europe agree on one key aspect: Know what data your business stores. If you know your data, you’ll know what is needed to be prepared.