Since the start of the year, it seems like you can barely go near the internet without being reminded of the General Data Protection Regulation (GDPR) in the EU.

Now the personal data protections are in place across the bloc, attention is turning to the USA. Suffice it to say, the debate over whether similar legislation will appear here is brewing.

What is GDPR?

In simple terms, GDPR aims to provide greater levels of privacy for all individuals in the EU. It is designed to give consumers a heightened level of control over their personal data and how it’s used.

Data has become an invaluable resource for most businesses, especially those trading online, so this legislation has left a trail of change and compliance challenges in its wake.

It has meant that every organization with European clients has been required to change the way their data on individuals is collected, stored, and used.

How does GDPR affect US companies?

GDPR also applies to organizations located outside of the EU if they collect or process personal data on EU residents. In today’s global economy, that means GDPR has consequences for US companies too.

With the risk of significant fines and reputational damage, it’s foolhardy for American businesses to ignore GDPR simply because it originated across the pond.

To get an idea of the scale of the disruption, some American firms have said they will no longer serve EU residents as a result of the GDPR compliance requirements.

Verve is one such example. The mobile advertising brand began operating in Europe just two years ago but has recently said it will shutter its EU operations, citing GDPR as a root cause. It’s not the only business to decide to pull out of the bloc rather than contend with the latest regulation, either.

Is there an appetite for similar regulation in the US?

With GDPR already affecting US companies, it should come as no surprise that many are now wondering if something similar will appear in US regulation. Privacy around personal data is already a topical subject thanks to multiple high-profile cases of data breaches, lawsuits, and eroded trust.

According to the latest Edelman Trust Barometer, just 52% of the global general population trust businesses, a figure that’s unchanged from 2017 despite numerous efforts to boost perceptions.

In the US, the figures are even more startling. Across the general population, average trust is pegged at just 43%, down from 52% in 2017. This decline crosses the line from neutral territory into active distrust.

Among the ‘informed public’ (those that are college-educated, in the top 25% of household income, and report significant media consumption and engagement in business news), that fall was even more significant, dropping by 23 points to 45%.

It’s only too easy to find culprits for the growth of distrust

Facebook is the highest profile example of this. The scandal with Cambridge Analytica, in which 50 million profiles on the social media platform were harvested in a bid to influence choices during the US election campaign, has hit the company hard. Facebook’s shares have collapsed by 18%, wiping more than $119 billion off its market valuation, with the reputational damage arguably being just as significant.

Despite embarking on a global campaign to reassure users, many are now concerned about how Facebook will use their personal details.

When you add in other cases of data breaches and endless reports of tech companies facing lawsuits, it should come as no surprise that US consumer trust is on the wane.

The US Senate touched on ways to restrict the use of private data throughout the Facebook inquiry and, considering current trust levels, it seems as though at least a portion of US citizens would back such a move.

Senators Amy Klobuchar and John Kennedy are among those backing a reform of data protection legislation. There are said to be plans to draft a new GDPR-style bill that will give individuals recourse options if their data is breached, the right to opt out of data tracking, a requirement for terms of service agreements to be written in plain language, and the ability for individuals to obtain greater control over their own data.

Klobuchar has commented,

“Consumers have the right to know if their personal information is being sold and they have the right to easily see what data has already been sold and distributed. The digital space can’t keep operating like the Wild West at the expense of our privacy.”

Kennedy has also been vocal about Facebook’s user agreement throughout the inquiry, stating to CEO Mark Zuckerberg,

“Your user agreement sucks. The purpose of that user agreement is to cover Facebook’s rear end. It’s not to inform your users of their rights.”

It may only be a matter of time before businesses face some level of regulation similar to that of their European counterparts.

What would a form of GDPR mean for US businesses?

At the moment, the use of personal data in the US is largely unregulated, with many companies using the data they collect or buy to support a wide variety of business operations, including fulfilment, marketing, and improved customer experiences.

The introduction of such legislation would lead to a significant change in the way that many businesses operate. Those that have already taken steps to comply with EU legislation will be at least one step ahead.

So, with the likelihood of similar data protection regulations coming to the USA, what steps should you be taking to prepare?

  • Move away from purchased lists – Purchased lists of contact details can provide you with plenty of lead generation prospects, but they also affect trust. Instead, focus on encouraging potential customers to leave their details (our Agency Lead Generator does a great job of this for marketing agencies) or, if bought-in lists are essential, choose a partner that has ethical standards in place.
  • Allow consumers to opt in to marketing communications – Most people receive dozens of emails daily but often don’t know where some of them come from. Give your customers the option to opt out if they choose; it may seem counterproductive at first, but it does mean that you have engaged lists that actively want to hear what you have to say.
  • Focus on adding value – This ties into the previous two points. If you’re no longer buying lists and giving customers a choice on whether or not they receive marketing communications, you need to be creative. From fascinating blog posts and resources to genuine promotional offers the recipient will be interested in, adding value is set to become even more important.
  • Offer a transparent cookie policy – When you set out to build trust in your brand name, an open, transparent approach will go a long way. Be clear about your cookie policy and how you’ll use the data you collect. Include details about the consumer’s right to be forgotten, too, and how to stop cookies being collected.
  • Assess your cyber security – Data breaches erode trust hugely, so it may be time for you to look at the security measures you have in place and how you respond to threats. Under GDPR, businesses must inform individuals as soon as possible when their data has been breached, and it’s likely this will be the case in the USA, too, if a form of GDPR becomes law. It might damage trust initially but, for the most part, consumers will recognize the challenges of cybersecurity and welcome being informed.

While a form of GDPR would undoubtedly affect how businesses operate, there are business benefits as well as challenges to consider. Consumers are increasingly aware of, and concerned about, how their personal data is being used. Embracing ethical trading practices can help you establish a trustworthy image and build sales, and can act as a brand differentiator in a competitive environment.

We’d love to hear your thoughts

Do you think a form of GDPR should be introduced in the USA? Would this help to restore trust in big businesses in the US? We’d love to hear your thoughts! Share your opinions and experiences with us in the comments below.