Are You Treating Non-EU Customers Like Second Class Citizens or is it #GDPRforAll?

Ready or not, it’s finally arrived. From this day forward organizations that collect personal data on European citizens must comply with the long-anticipated General Data Protection Regulation.

In the days leading up to 25 May 2018, email inboxes were bombarded with updated privacy policies from every business you’ve ever interacted with, web sites exploded with pop-ups asking for permission to use cookies and collect data about you, and members of compliance committees at companies around the world double- and triple-checked their GDPR project plan spreadsheets.

It’s been interesting to watch the different approaches taken by companies collecting and protecting the personal data of EU citizens versus non-EU citizens. Some companies, like Microsoft, have promised to give users worldwide the same data and privacy rights Europeans will get under GDPR. Microsoft’s customers, no matter where they live, will be able to see what information the company collects about them and correct or delete it if necessary. They will also be able to object to the use of data for marketing and other purposes.

This stands in contrast to other firms, such as Facebook, that have been vague about applying GDPR provisions to non-Europeans, including the provision that lets Europeans object to the processing of personal data, such as for marketing. And then there are some companies that are either blocking European users or shutting down operations there entirely because they don’t have the resources to comply with GDPR.

I have some questions for those businesses that possess the ability to meet the strict data protection requirements of GDPR for their European customers but choose not to offer those same measures for their non-European users: What message does that send to your non-European customers? Don’t all users around the world deserve the highest privacy standards? Why should customers in North America, Asia, and other parts of the world be treated as second class citizens when it comes to protecting their personal information?

One side benefit to all the attention being given to GDPR is that consumers around the world are waking up to the reality that the companies they do business with don’t necessarily have their best interest in mind when it comes to protecting their personal information. Just as people now prefer brands they feel are more socially responsible, increasingly individuals will also make usage and buying decisions based on whether they trust companies to protect their most sensitive data. Don’t expect non-Europeans to sit idly by as they watch EU citizens receive preferential treatment from the same businesses. They are going to demand the same protections.

As GDPR is likely to become the gold standard consumers look for when deciding whom to trust with their data, there’s a very strong business case to be made for extending those same protections beyond Europe to your users around the world. Now would be a great time for you to offer #GDPRforAll.