Additionally, paste this code immediately after the opening tag:
January 10, 2023
4 mins 35 secs
Isaac Bullen

How 3 Non-EU Organisations Are Dealing with the GDPR

The 25th of May 2018 was a big day for the internet. Most end users probably just noticed an increase in inbox traffic and pop-ups, with requests to opt-in or accept  new cookies.

But for those with a little more skin in the game, the implementation of the European Union’s General Data Protection Regulation (GDPR), over two years in the making, was a far more serious affair. It saw sweeping reforms on EU data protection and privacy rights being instituted overnight, with the online businesses and organisations who managed this data being held immediately accountable for non-compliance.

To GDPR or not to GDPR

While the rules for organisations within the EU were relatively cut-and-dried (as much as they can be with such broad and pioneering legislation), the platform on which they were to be applied – the internet – is essentially borderless. Non-EU organisations were put in an awkward situation – while their businesses were based outside of the union, many of their business interests, including customers, were not.

In such cases, where do the responsibilities for GDPR compliance lie? And what might these responsibilities look like? To find out, we spoke to three people who have been tasked with working out exactly that – those within global, internet-reliant businesses based outside of EU borders.

Tim Kremer is co-founder of Avaza, a project management and accounting software as a service (SaaS) provider founded in Australia. Alf is the elusive founder of The Moon Unit, a New Zealand-based creative services provider that specialises in sculpting pitches and marketing materials for many of the world’s leading brands. And Caroline Carver is principal consultant at TwoBlackLabs, another New Zealand-based operation, but one focused on data privacy and protection consultancy which has quickly built a reputation as the authority on non-EU GDPR compliance.

So, first question’s first.

How has the GDPR affected you as an Australian/New Zealand business?

The waters were particularly muddy for SaaS organisations like Avaza. SaaS providers simply host applications for customers and have limited contact with the end user’s actual data, so where do GDPR responsibilities lie?

“We initially found the GDPR very confusing,” admits Kremer. “There’s a lot of fear, uncertainty and doubt spread online about it, which is to be expected given its complexity and lack of clear direction in many practical implementation areas.” To cut through the noise, Avaza went all in. They committed serious resources to studying the legislation in its original form, then compared their notes with others online.

A lot of time and money was spent on the process, but the results were worth the effort. The company’s European customers, it turned out, were just as confused as the rest of the world. Myths and untruths were everywhere, but happily the company’s commitment to compliance saw them navigate the change better than most.

TwoBlackLabs found that the New Zealand Privacy Act had a surprising amount of overlap with the GDPR. “When completing reviews of GDPR compliance, we identified that many customers are also non-compliant with the NZ Privacy Act,” notes Carver. So the organisation simply applied the GDPR across the board. “By addressing the requirements of GDPR, [our customer’s] overall compliance with the NZ Privacy Act has also improved.”

What changes have you made within your business in response to the GDPR?

But not all GDPR stories are good news. As creatives, the legislation has complicated matters at The Moon Unit. “It’s reduced the amount of people we can talk to and meaningfully engage with,” says Alf. “We’ve stopped EDM marketing to the UK and Europe. We’ve started to connect with people on LinkedIn and social media channels as a way to mitigate this, but it’s not really a viable alternative.”

Avaza’s commitment to compliance is writ large again in the changes that they have put in place. “We formalised our documentation and processes for relevant GDPR policy areas, established an in-house expert, conducted an audit of our own data practices and those of our suppliers, made changes in our software, and published information for our customers.” As a truly global SaaS business, Kremer know that no stone could remain unturned. “I think it’s still very open to interpretation. Time will tell the real impact on businesses as the legislation is tested and businesses come under increasing scrutiny.”

As GDPR consultants, Black Labs have seen the full gamut of reactions to the legislation. “Some clients have made changes to ensure they are not in scope of GDPR, while others have had to embark on large programs to understand their business,” Carver explains. “The largest area of change I have seen is in identifying and rationalising third parties, as the GDPR requires a company to guarantee the compliance of all third parties who process personal information. This has resulted in some companies changing third party providers to ones that can offer compliant services.”

How do you personally feel about the GDPR?

But legislation, compliance and bureaucracy aside, how do our Australian and New Zealand organisations feel about the GDPR – good, bad or indifferent? The reception, from our small sample size at least, has been mixed.

“While it’s great to have your personal data safeguarded as a consumer/individual, it also shuts down avenues for many businesses,” instructs Alf. ”It’s hurt our bottom line. Companies that send out useful content marketing – as opposed to spamming out ‘we did this, we did that’ newsletters that no one wants to know about – have been hit hard.”

Kremer of Avaza somewhat echoes Alf’s sentiments. ““I think that data privacy is extremely important, and having this conversation in the media and in government is a valuable exercise. I do however feel that such vague and ominous legislation, and a lack of understanding of technology amongst legislative and legal bodies, may have more of a negative impact on businesses than a positive impact on consumers.”

As a GDPR consultant, Carver of TwoBlackLabs finds herself on the total opposite side of the coin. “I think the GDPR is positive. It is starting to be adopted by other jurisdictions as the baseline for privacy, in California for example, and it is anticipated others will follow suit and it will become the minimum standard over time. Anything that focuses on customer rights and protection must be a positive move for all.”

Who is right? Only time will tell. But one thing is clear – the tentacles of the GDPR have stretched farther than many organisations are willing to admit, so no matter whether you find yourself within the borders of the EU or outside of it, ensuring that you’re aware of your responsibilities is a must.

Author Isaac Bullen

Other posts

7 Powerful Steps: How 3WH is Redefining the Bright Future of Tourism in 2023
July 19, 2023
7 mins

7 Powerful Steps: How 3WH is Redefining the Bright Future of Tourism in 2023

In 2023, the tourism sector sails into novel territories, and digital platforms play a pivotal role in navigating these waters. The article presents seven transformative strategies for the industry. In conclusion, 2023's tourism outlook is about creating genuine, memorable experiences. 3WH portrays itself as not just a digital marketer but a visionary in crafting these future narratives.

Read more
SaaS Pipeline Revenue Generation for Marketers: Unlocking the Potential for Sustainable Growth
September 28, 2022
5 mins 30 secs

SaaS Pipeline Revenue Generation for Marketers: Unlocking the Potential for Sustainable Growth

At 3WH, we are dedicated to empowering marketers with cutting-edge strategies and insights to accelerate their growth in the highly competitive landscape of Software as a Service (SaaS). In this comprehensive article, we delve into the critical aspect of SaaS pipeline generation, exploring innovative techniques and proven methodologies that can help businesses outrank their competitors in Google and drive sustainable growth. Get ready to unlock the full potential of your SaaS business!

Read more
The Power of Link Building: Unlocking Authority and Boosting Online Visibility
October 11, 2023
3 mins 15 secs

The Power of Link Building: Unlocking Authority and Boosting Online Visibility

In the realm of digital marketing, search engine optimisation (SEO) plays a crucial role in improving a website's visibility and driving organic traffic. An essential aspect of SEO is link building, which involves acquiring high-quality backlinks to your website. These backlinks not only serve as pathways for referral traffic but also signal search engines that your website is a credible and authoritative source. In this article, we will explore the significance of link building in SEO, uncover its benefits, and discuss effective strategies to acquire valuable backlinks. Get ready to strengthen your website's authority and elevate its visibility with powerful link building techniques.

Read more