The EU Data Protection Directive was designed to protect the privacy and data of EU citizens, which is great. But it has one big problem: it came into effect in 1995, when the world was very different; when the internet was still in its infancy; and when hacking, online fraud, data theft and data breaches weren’t the huge problems they are today.
So, on 25th May 2018, the EU’s new General Data Protection Regulation (GDPR) comes into full force.
What is GDPR?
The GDPR is the new privacy law governing the collection and use of data relating to all individuals within the EU. As with any other set of regulations covering multiple countries, GDPR is complex and will take time to fully understand. However, here are some of its key points:
- Customers and prospects must freely opt in to any communication in an unambiguous way – inactivity or a pre-ticked box cannot count as permission.
- Organisations need to give a clear reason for collecting data.
- People have the right to view and/or amend data upon request, or even have it destroyed under the “right to be forgotten”.
- Companies that fail to comply are liable to a penalty of up to €20m or 4% of global annual turnover (whichever is greater).
One of the most notable aspects of GDPR is that it doesn’t affect just EU-based organisations – any business that processes the data of EU citizens must comply with the regulations, even if that data is processed from a non-EU country. That’s why Brexit shouldn’t stop UK-based businesses from making preparations.
What does GDPR mean for marketers?
Marketers will need to think more carefully about how and why they are collecting each piece of data – they need a clear and specific reason rather than collecting as much as they can get their hands on and then working out what to do with it later.
Many organisations will need new structures and processes set up to enable compliance, such as the ability to grant EU citizens access to their data, with the option to amend or destroy it.
How can marketers overcome the challenges of GDPR?
To comply with GDPR you first need to understand it. That’s why, even though it’s not a legal requirement, it’s a good idea to appoint a dedicated Data Protection Officer. They can work with departments within the organisation, including marketing, to ensure everybody knows their obligations, as well as doing regular data audits to ensure the company continues to comply long-term. There’s no reason why you shouldn’t do this now in preparation for May 2018.
Your organisation will likely need to change how it collects, manages and administers data. While all these changes will undoubtedly cost time and money in the short term, there’s a good chance they’ll be of benefit in the long term because:
- You’ll spend less time collecting useless data; all the information you hold should have a clear purpose.
- Your organisation will run more smoothly because it’ll be forced to improve its housekeeping.
- Customers and prospects may be more engaged by your communications because they have actively chosen to receive them.
Is your organisation ready for GDPR? Want to know more about the implications for your marketing activity? Then get in touch.