The implications of the EU’s GDPR laws on Bangladesh are greater than you think
From May 25, 2018 onwards, the EU put the General Data Protection Regulations (GDPR) into effect. The aim is to better protect their citizens when it comes to data privacy. Of course, the question worth asking is: How is Bangladesh -- a trading partner of EU -- going to be affected by the new GDPR law?
What exactly is GDPR?
The GDPR is a set of data protection rules that the EU originally started working on back in 1995, and have recently finalized into effect, giving EU citizens more control over how their personal data is collected and used by corporations.
More importantly, it gives their citizens the right to access their personal data and delete it all together if they wish to. This means that any company collecting, storing, and utilizing any EU citizen’s data will have to change its current policies to allow EU users with greater control over their own data.
In times when an individual’s data is the defining commodity for any business connected to the internet -- whether it be constructs of emails, chat messengers, apps, and what have you -- companies such as Google, Facebook, Microsoft, and Amazon, have been scrambling to adapt to the new GDPR requirements. In addition, many of these companies are also extending these modifications to users from other nations as well -- including Bangladeshis.
You’ve probably received such policy change emails if you’re using GMail, Facebook, Live, or Yahoo mail. I know I have, anyway.
What about Bangladeshi companies?
Does GDPR even apply in the context of Bangladesh? Actually, it does -- given that the EU is one of the key trading partners of Bangladesh, with over 20 billion euros being earned in imports and exports last year, which implies that there was exchange of a lot of data when communicating with EU-based businesses and administrative entities.
The BPO (Business Process Outsourcing) industry in Bangladesh falls under one of the trade agreements we have with the EU.
With a booming market share of $180m, and employing more than 40,000 people in the country, BPO companies in Bangladesh such as Datasoft, Brain Station 23, Dream 71 Bangladesh, Lead Soft,and others have clients from all over the world, including EU nations such as the UK, Denmark, Germany, Netherlands, Sweden, and Switzerland.
These companies deal with the EU on a regular basis, either individually or institutionally, clearly showing an exchange of multivariate data between trading partners. Consequently, these companies, and many more, such as Taskeater, Genex Infosys Ltd, Digicon Technologies Ltd, Syntech Solutions, are affected by GDPR.
For example, digital marketing comprises of collecting data on EU subjects for targeting potential customers. However, GDPR prohibits collecting data of EU individuals or companies without their explicit consent, also requiring justification that companies will protect their users’ data from any breach such the Facebook-Cambridge Analytica controversy.
If any similar breach occurs, any company in the world, including those in Bangladesh, may face fines of up to a maximum of 20m euros or 4% of the company’s revenues, whichever is greater.
To avoid such penalties, complying with these rules will definitely have a negative impact on our digital marketing as it will be difficult for companies to access the information of EU citizens and create appropriate online marketing.
Email marketing managers can no longer use the “one-size fits all” email campaign to target their audience and potential customers. Instead, they have to receive and record the consent of each and every individual before promoting their products and services to them via email. As a result, companies will definitely experience a decrease in their marketing database while their exposure to the EU audience will decline as well.
Saima Islam, Managing Director of Bytominer -- a rising SME BPO company that targets the UK as one of its markets -- confirmed the aforementioned prediction that one definite impact of GDPR on the company will be an imposition of restricted unsolicited emails targeting potential customers.
However, she also looks intthe positive aspect of GDPR for companies such as hers, which is to focus more on a varied, solicited omni-channel approach to reach smaller target markets with better relationship management and outcomes.
In addition to BPO companies, various e-commerce companies such as Daraz, Rokomari, and BanglaShoppers sell items to individual consumers in UK and other EU nations, meaning that these companies have to collect and store a certain amount of consumer data in order to ship items to the right customer’s address.
With GDPR coming into effect, such companies would surely require changing their data policies and avoid any possible financial penalties.
All of the above arguments are made through educated presumptions and are part of an ongoing research, required to fully understand and find out how GDPR would really impact Bangladeshi companies.
We are continuing to investigate into the matter by surveying companies in Bangladesh about the pros and cons in various aspects of business, now that GDPR has been in effect for about a month. It’s definitely not business as usual with EU anymore. λ
Kamal Hossain is a Senior Lecturer of eCommerce and Management Information Systems at BRAC Business School, BRAC University. Mim Khondoker is a Research Assistant and student at BRAC University.