Additionally, paste this code immediately after the opening tag:
January 10, 2023
4 mins 35 secs
Isaac Bullen

How 3 Non-EU Organisations Are Dealing with the GDPR

The 25th of May 2018 was a big day for the internet. Most end users probably just noticed an increase in inbox traffic and pop-ups, with requests to opt-in or accept  new cookies.

But for those with a little more skin in the game, the implementation of the European Union’s General Data Protection Regulation (GDPR), over two years in the making, was a far more serious affair. It saw sweeping reforms on EU data protection and privacy rights being instituted overnight, with the online businesses and organisations who managed this data being held immediately accountable for non-compliance.

To GDPR or not to GDPR

While the rules for organisations within the EU were relatively cut-and-dried (as much as they can be with such broad and pioneering legislation), the platform on which they were to be applied – the internet – is essentially borderless. Non-EU organisations were put in an awkward situation – while their businesses were based outside of the union, many of their business interests, including customers, were not.

In such cases, where do the responsibilities for GDPR compliance lie? And what might these responsibilities look like? To find out, we spoke to three people who have been tasked with working out exactly that – those within global, internet-reliant businesses based outside of EU borders.

Tim Kremer is co-founder of Avaza, a project management and accounting software as a service (SaaS) provider founded in Australia. Alf is the elusive founder of The Moon Unit, a New Zealand-based creative services provider that specialises in sculpting pitches and marketing materials for many of the world’s leading brands. And Caroline Carver is principal consultant at TwoBlackLabs, another New Zealand-based operation, but one focused on data privacy and protection consultancy which has quickly built a reputation as the authority on non-EU GDPR compliance.

So, first question’s first.

How has the GDPR affected you as an Australian/New Zealand business?

The waters were particularly muddy for SaaS organisations like Avaza. SaaS providers simply host applications for customers and have limited contact with the end user’s actual data, so where do GDPR responsibilities lie?

“We initially found the GDPR very confusing,” admits Kremer. “There’s a lot of fear, uncertainty and doubt spread online about it, which is to be expected given its complexity and lack of clear direction in many practical implementation areas.” To cut through the noise, Avaza went all in. They committed serious resources to studying the legislation in its original form, then compared their notes with others online.

A lot of time and money was spent on the process, but the results were worth the effort. The company’s European customers, it turned out, were just as confused as the rest of the world. Myths and untruths were everywhere, but happily the company’s commitment to compliance saw them navigate the change better than most.

TwoBlackLabs found that the New Zealand Privacy Act had a surprising amount of overlap with the GDPR. “When completing reviews of GDPR compliance, we identified that many customers are also non-compliant with the NZ Privacy Act,” notes Carver. So the organisation simply applied the GDPR across the board. “By addressing the requirements of GDPR, [our customer’s] overall compliance with the NZ Privacy Act has also improved.”

What changes have you made within your business in response to the GDPR?

But not all GDPR stories are good news. As creatives, the legislation has complicated matters at The Moon Unit. “It’s reduced the amount of people we can talk to and meaningfully engage with,” says Alf. “We’ve stopped EDM marketing to the UK and Europe. We’ve started to connect with people on LinkedIn and social media channels as a way to mitigate this, but it’s not really a viable alternative.”

Avaza’s commitment to compliance is writ large again in the changes that they have put in place. “We formalised our documentation and processes for relevant GDPR policy areas, established an in-house expert, conducted an audit of our own data practices and those of our suppliers, made changes in our software, and published information for our customers.” As a truly global SaaS business, Kremer know that no stone could remain unturned. “I think it’s still very open to interpretation. Time will tell the real impact on businesses as the legislation is tested and businesses come under increasing scrutiny.”

As GDPR consultants, Black Labs have seen the full gamut of reactions to the legislation. “Some clients have made changes to ensure they are not in scope of GDPR, while others have had to embark on large programs to understand their business,” Carver explains. “The largest area of change I have seen is in identifying and rationalising third parties, as the GDPR requires a company to guarantee the compliance of all third parties who process personal information. This has resulted in some companies changing third party providers to ones that can offer compliant services.”

How do you personally feel about the GDPR?

But legislation, compliance and bureaucracy aside, how do our Australian and New Zealand organisations feel about the GDPR – good, bad or indifferent? The reception, from our small sample size at least, has been mixed.

“While it’s great to have your personal data safeguarded as a consumer/individual, it also shuts down avenues for many businesses,” instructs Alf. ”It’s hurt our bottom line. Companies that send out useful content marketing – as opposed to spamming out ‘we did this, we did that’ newsletters that no one wants to know about – have been hit hard.”

Kremer of Avaza somewhat echoes Alf’s sentiments. ““I think that data privacy is extremely important, and having this conversation in the media and in government is a valuable exercise. I do however feel that such vague and ominous legislation, and a lack of understanding of technology amongst legislative and legal bodies, may have more of a negative impact on businesses than a positive impact on consumers.”

As a GDPR consultant, Carver of TwoBlackLabs finds herself on the total opposite side of the coin. “I think the GDPR is positive. It is starting to be adopted by other jurisdictions as the baseline for privacy, in California for example, and it is anticipated others will follow suit and it will become the minimum standard over time. Anything that focuses on customer rights and protection must be a positive move for all.”

Who is right? Only time will tell. But one thing is clear – the tentacles of the GDPR have stretched farther than many organisations are willing to admit, so no matter whether you find yourself within the borders of the EU or outside of it, ensuring that you’re aware of your responsibilities is a must.

Author Isaac Bullen

Other posts

Mastering UTM Parameters in Google Analytics: A Practical Guide
March 29, 2023
2 min

Mastering UTM Parameters in Google Analytics: A Practical Guide

The purpose of this article is to describe UTM parameters and how Google Analytics uses them to track the effectiveness of digital marketing initiatives. Campaign Source, Campaign Medium, Campaign Name, Campaign Term (optional), and Campaign Content make up the five components of UTM parameters (optional). Google Analytics reads the UTM parameters when a user clicks on a URL that has them and assigns the traffic to the proper source, medium, campaign, and content. As a result, campaign performance can be accurately tracked, user behaviour can be better understood, and ROI may be increased. It's crucial to name UTM parameters consistently in order to keep data structured and simple to analyse.

Read more
Unveiling the Distinctive Traits of SaaS Marketing: Redefining Success in the Digital Realm
June 14, 2022
4 mins 30 secs

Unveiling the Distinctive Traits of SaaS Marketing: Redefining Success in the Digital Realm

Marketing is no walk in the park—it's a tough nut to crack. Whether you're promoting a constantly evolving product or targeting a niche audience, finding the right strategy can be a real challenge. Over the years, we've seen countless marketing approaches claiming to be bigger and better than the rest. B2B SaaS (Software-as-a-Service) marketing, however, has become increasingly popular and is creating waves in the market. Not only is SaaS marketing demanding, but it also stands apart from all other marketing strategies out there where innovative ideas merge with a customer-centric approach to redefine triumph in the contemporary digital landscape. In this comprehensive article, we will delve into the unique aspects that set SaaS marketing apart from traditional marketing approaches. Prepare to embark on a journey where your greatest asset is your information, your customers become long-term partners, the emphasis shifts from selling a product to offering a service, and the ultimate goal is for your SaaS to sell itself.

Read more
Driving Lead Generation Excellence on LinkedIn: Unleashing the Power of Connection for SaaS Marketers
September 6, 2022
6 mins

Driving Lead Generation Excellence on LinkedIn: Unleashing the Power of Connection for SaaS Marketers

Welcome to the Wild Wild West of social media marketing, where the landscape can often feel overwhelming and uncertain. With numerous platforms vying for your attention and experts sharing their insights, it's easy to get lost in the chaos. However, amidst the noise, there's a hidden gem waiting to be discovered—LinkedIn. In this article, we'll uncover the untapped potential of LinkedIn as a powerful and underrated social media platform for SaaS marketers

Read more