If you’re an active internet user, you’ve likely noticed many websites and organizations updating their privacy policies and terms of service related to the EU General Data Protection Regulation, more commonly known as the “GDPR.” This new data privacy regulation goes into effect on May 25th 2018, and it’s making huge waves all over the world – not only in the way the general public looks at how organizations are handling personal data, but in the ways companies have been and will be held accountable for handling that data responsibly.
Even if your organization operates strictly within the United States, the GDPR’s extraterritorial reach – meaning its extension to companies and business operations beyond Europe – may require that your organization modify its data privacy practices, including the practices of your Customer Validation team.
Customer testing professionals regularly leverage personal data from hundreds, if not thousands of users the world over. Personally identifying data is a fundamental component of Customer Validation testing, since CV is the process of having real customers evaluate real products in their actual environments. After all, in order to identify ideal testers who are part of your target market, you’re going to need to collect some information about them. This means that the GDPR could impact the way your company gathers, stores, shares, and uses the data of Alpha, Beta, and Field Testers residing in Europe.
Will the GDPR Impact Your Customer Tests?
- Do members of your tester community reside in Europe?
If you have community members or test participants who are residents of the European Union, the European Economic Area, Switzerland, or the UK, it’s very likely that your Customer Validation activities will gather personal data and fall within the scope of the GDPR.
- Is your organization based in the EU, the EEA, Switzerland, or the UK, or do you have business operations there?
For organizations that fall under the data protection regulations outlined by the GDPR because they have an establishment in the European Union, the European Economic Area, Switzerland, or the UK, these laws could apply regardless of where your testers reside.
- Does your organization have European customers or a web presence in Europe?
If you are a U.S. company without any European operations, but you offer goods or services to Europeans (regardless of whether a payment is made), or monitor the behavior of Europeans, your organization will likely be subject to these regulations.
- Do your test products collect or handle personal data?
You must also consider the personal data that your product or service is gathering during a CV test when determining if the GDPR applies to your personal data practices.
Understanding how the GDPR affects your Customer Validation practices is something you should ultimately explore with your legal and security teams. But regardless, the landscape of data privacy regulation is shifting, and many companies, European and otherwise, are making the shift along with it.
If there’s a chance that the GDPR could apply to your company – or if you’re interested in best practices for improving the overall security of your testers’ personal data – watch our on-demand webinar on the GDPR’s Impact on Customer Validation.
The content provided in this blog post is for general information and awareness only. It is not intended to convey or constitute legal advice and is not a substitute for obtaining legal advice, which we cannot provide to you. You should consult with your own internal and/or external counsel and privacy team to become familiar with the issues that apply to your organization.