This year has been a big year for privacy law—especially in the United States and Europe, where companies raced to meet the May 25 compliance deadline associated with the European Union (EU) General Data Protection Regulation (GDPR). Because of its broad reach and potential impact on businesses that collect and store personal data, GDPR drove a fundamental shift in global privacy rights and ushered in a new era of transparency around data practices and increased consumer control over their personal data.
And GDPR isn’t alone—its compliance deadline was followed closely by a new, similar law in California. Like GDPR, the 2018 California Consumer Privacy Act was passed with a two-year implementation period to allow businesses to get into compliance prior to full enforcement of this new regulatory framework.
As the general counsel of a mid-sized, mid-stage tech startup, I spent a significant amount of time over the past two years working with colleagues throughout my company to review and revising our internal data practices. We were lucky: I heard about GDPR right after its passage, and was able to quickly impress upon my company’s senior management the stringency and novelty of GDPR. Because everyone was clear on how significant this regulation was, there was universal support for our efforts to be compliant prior to May 25—or GDPR Day, as we called it at my company, Braze (formerly Appboy).
Some general counsels at U.S. companies took the view that GDPR didn’t apply to their organizations. Given today’s mobile-first world, I found that conclusion surprising, if not naive. We live in a world that, technologically speaking, doesn’t have borders. Braze is a mobile-centric platform. It can be used by the employees of our customers wherever they may be in the world, and it enables them to send targeted messages to the users of the mobile applications and websites anywhere, in real time.
The reality is that we live in a world filled with a variety of privacy regimes. Many of those regimes are similar to GDPR; some are even more onerous. That means that we’re living in a new world—a world that says people have a right to know what data you’ve collected about them, what you’re doing with it, where you’re storing it, how long you’re keeping it, and who you’re sharing it with. Consumers have the right to control their own data, to tell you to stop processing it, collecting it, or using it in any way. And in today’s boundary-free world, companies that haven’t embraced this new model are bound to run up against a wall of consequences, from fines to class action lawsuits, to a cold shoulder from organizations who won’t work with a vendor that hasn’t embraced this new reality.
I have a saying that I’ve often used with my children: “There are other ways to go through life than to be dragged through it, kicking and screaming.” The same can arguably be said here.
As a company, Braze has always embraced transparency. It’s one of our core values—so the transparency required by GDPR wasn’t a huge shift from our standard operating stance. It also means that we don’t view today’s new privacy requirements as impediments to success. Rather, at Braze, we’ve embraced the new regulatory framework as a way to build better, stronger relationships with our customers.
It’s clear that giving consumers what they want, building trust with them by respecting their preferences, and giving them control over their experience are the ways to develop long-term relationships that lead to increased engagement and brand loyalty—and emerging regulatory frameworks throughout the world support that. Given that, laws like GDPR serve as a framework for marketers to be more successful, not less. But only if they truly respect and comply with these new regulations.
At Braze, we view our customers as partners in this data privacy journey. That’s why we strive to work with them on scalable solutions that bring value to their businesses and create opportunities to creatively address global requirements that will impact how marketing evolves in this ever-smaller world. Part of that effort involves discussing how we see and approach data privacy, as well as addressing the challenges we’ve faced, the approaches we’ve embraced, and the lessons we’ve learned. Thank you for coming with us on this journey.
Thanks! We'll be in touch shortly.