Businesses will face severe penalties for violating the General Data Protection Regulation (GDPR).
The European Union’s impending regulation strengthens data protection and privacy of EU citizens and companies that market products to them. The law impacts companies even if they don’t operate in the EU: It applies to EU citizens regardless of where they live or work.
It applies to EU citizens who join mailing lists while vacationing aboard or complete web-based forms of a U.S.-based company. It applies to companies that collected personal information from EU customers, that received web traffic from the EU in the past year, or that have done business with EU citizens in the last year. Companies not meeting the law may be fined up to 4% of their annual revenue or 20 million Euros.
While many businesses will view the GDPR as overreach by a regulatory bodies, the regulators see it as “doing the right thing” to protect citizens. Public opinion in both Europe and North America seems to be on the side of the regulators in protecting private data and on customer privacy in general.
Many are Unprepared for the GDPR
Many – maybe most — companies do not yet comply with the rigorous law that goes into effect May 2018.
“Marketers, advertisers, and public relations professionals are ill-informed and ill-equipped to manage the largest change in data and privacy in the last 20 years: GDPR,” warns Christopher Penn, vice president, marketing technology at Shift Communications.
Companies are beginning to panic, says Kim Greenop-Gadsby, email marketing manager of SmartInsights. The Information Commissioner’s Office (ICO) fined Flybe and Honda a total of 83,000 euros for violating current EU rules on email reactivation campaigns. The enforcement actions prove the ICO will not tolerate misuse of people’s personal information.
The GDPR:
- Requires companies to obtain customers’ freely given, explicit consent to collect their information. Practices such leaving pre-checked boxes on web forms will be unacceptable.
- Grants customers the power to control how their personal information is used.
- Sets standards for data protection in order to prevent data breaches and misuse.
- Requires companies to inform customers about the purpose of collecting data, who will process that data, and their ability to withdraw consent, and other rights.
How Will the Law Impact Your Analytics?
“Given how important data analytics is to marketers today, it’s critical to understand how GDPR will affect how you run analytics programs over time,” says Rick Spickelmier, CTO at Birst. “As more companies utilize data for helping make marketing decisions, the role of analytics will become more important. Making sure that your approach to analytics meets the necessary guidance on data security and privacy will therefore be essential.”
Nuances of the law may not become clear until enforcement actions or court decisions.
Marketers may need to ask customers to re-opt into subscription lists and redesign landing pages, Penn says. Digital advertisers may need to scrub lists to ensure compliance. Public relations may become more important, at least temporarily, as advertising and data companies adapt.
Basic recommendations to meet the regulation include:
- Appoint a data protection officer to guide compliance efforts.
- Consult legal counsel.
- Audit data collection and storage systems.
- Identify and resolve areas on noncompliance before May 2018.
- Document steps taken to meet the regulation.
Bottom Line: The General Data Protection Regulation (GDPR) imposes strict rules on how businesses collect and use customers’ data. The law, one of the most significant laws on data and privacy in recent years, impacts companies even if they don’t conduct business directly in the European Union. It’s incumbent on marketers to learn what the law means for their organizations – and to start changing their processes to comply with the new regulation.
William J. Comcowich founded and served as CEO of CyberAlert LLC, the predecessor of Glean.info. He is currently serving as Interim CEO and member of the Board of Directors. Glean.info provides customized media monitoring, media measurement and analytics solutions across all types of traditional and social media.
