From 25 May, 2018 onwards European Union has put GDPR- General Data Protection Regulations into effect. The aim is to better protect their citizens when it comes to data. The question we ask is that - is Bangladesh, a trading partner of EU, going to be affected by the new GDPR law?

First, we need to understand what is GDPR? It is a set of data protection rules that the European Union originally started working in 1995 and have recently finalized into effect, giving European Union citizens more control over how their personal data and is being collected and used; most importantly giving the right to access their personal data and remove it all together if they wish to. This means that any company collecting, storing and utilizing any EU citizens’ data will have to change its current policies to allow EU users with the enhanced control capabilities on their data.

In today’s digitally connected massive data based personal and business world constructs of emails, chat messengers, apps, iot tools and what nots, the powerful providers of such state-of-the-art technologies like Google, Facebook, Microsoft, Yahoo and many more have been somewhat scrambling to adapt to the new GDPR requirements mainly aiming to seamlessly integrate EU users. In addition, many of these companies are also expanding the modifications to embrace the rest of the world’s users as well, including those here in Bangladesh. You probably have received such policy change emails if you’re using GMail, Facebook, Live or yahoo mail. I have!

What about companies in Bangladesh - do they have to make any similar changes? In other words, does GDPR apply in the context of Bangladesh? It does; given that EU is one of the key trading partners of Bangladesh with over 20 billion euros in imports and exports last year, implicating exchange of lots of data when communicating over email, phone, video conferencing, documents and more.

One such trading with EU is served by the BPO (Business Process Outsourcing) industry of Bangladesh. With a booming market share of USD 180 million, and employing more than 40,000 people in the country, thanks to initiatives such as Digital Bangladesh 2021, BACCO BPO initiatives, the BPO companies of Bangladesh like Datasoft, Brain Station 23, Dream 71 Bangladesh, Lead Soft, etc. have clients from all over the world including EU nations such as UK, Denmark, Germany, Netherlands, Sweden & Switzerland as the top 15 export destinations. These companies deal with EU regularly, either individually or institutionally, thus clearly showing an exchange of multivariate data between the trading partners. Consequently, these companies and many more like Taskeater, Genex Infosys Ltd., Digicon Technologies Ltd., Syntech Solutions are affected by GDPR.

For example, digital marketing, a vital strategic objective to reach the EU target market, comprises of collecting data on EU subjects for targeting potential customers. However, GDPR prohibits collecting data of EU individuals or companies without their explicit consent as well as requiring justifications that companies will protect the data from any breach such as seen in the case of the mammoth 87 million users’ sensitive data breach in the Facebook - Cambridge Analytica scandal. If any similar breach occurs, any company in the world, including those in Bangladesh may face fines of maximum 20 million euros or 4 per cent of the company’s revenues, whichever is greater.

To avoid such penalties, complying with these rules will on the other hand, definitely have a negative impact on digital marketing as it will be difficult for the companies to access information of EU citizens and create appropriate online ads. Email marketing managers can no longer use the ‘one-size fits all’ email campaign to target their audience and potential customers. Rather, they have to receive and record the consent of each and every individual before promoting their brands to them via email. As a result, companies will definitely experience a decrease in their marketing database and also their exposure to EU audience will decline.

Saima Islam, Managing Director of Bytominer, a rising SME BPO company with UK as one of its target market, confirmed the aforementioned prediction that one definite impact of GDPR on the company will be an imposition of restricted unsolicited emails targeting potential customers. However, she also looks into the positive aspect of GDPR implication for companies like Bytominer which is to focus more on different solicited omni-channel approach to reach smaller target market customers with better relationship management and outcomes.

Besides BPO companies, various e-commerce companies like Daraz, Rokomari, Banglashoppers sell items to individual consumers in UK and other EU nations, meaning that these companies have to collect and store some consumer data in order to ship items to the right customer’s address. With GDPR into effect, such companies would surely require to change their data policies and avoid any possible financial penalty type breaches.

All of the above arguments are still under educated presumptions and ongoing research, which is required to concretely understand and find out how GDPR really impacts Bangladeshi companies. We are continuing to investigate through asking companies in Bangladesh about both the positives and the downsides in various aspects of business, now that GDPR is in effect from 25th May 2018. It’s definitely not business as usual with EU, not anymore!

*Kamal Hossain is a Senior Lecturer of eCommerce and Management Information Systems at BRAC Business School, BRAC University. He is keen on ecommerce, IoT, Artificial Intelligence, and more in the context of Bangladesh. Reach Kamal through kamal.hossain@bracu.ac.bd

**Research Assistant Mim Khondoker is a bright BBA student at BRAC University with keen interest in research topics of HR, AI and more.