By First Last — Jun 5, 2018 11:00 AM
In the last few months, you may have received several notices from brands sharing changes to their privacy policies. These messages are no coincidence. The new policies are, in part, the result of months (or years) of planning to comply with rules outlined in the GDPR.
On May 25th, 2018 enforcement of the GDPR began. This means that companies serving individuals in the European Union online are subject to hefty penalties for violating the new law.
What is the GDPR?
GDPR is the long-awaited new data protection policy developed by the EU. It’s designed to help consumers wield more control over how data is stored, used, and shared. There are tons of other requirements (99 in total), but that’s the gist of it.
What you need to know about the GDPR:
- The GDPR eliminates implied consent and replaces it with explicit consent. That means that organizations must ask for user data, clearly explain how it will be used, and make it easy for them to update their usage or storage preferences.
- Users can request complete data records at any time. Organizations must quickly respond and provide the information they have outline use cases, and document consent.
- The GDPR follows similar regulations (Privacy Shield Agreement and the Harbor Privacy Principles) that sought to address many of the same issues addressed in the GDPR.
While many think that these rules only impact EU organizations, that’s not necessarily the case. These rules apply to any organization interacting with individuals in the EU online. This includes EU citizens, of course, but other individuals could fall under its jurisdiction.
No wonder many companies have spent years preparing for its enforcement. Despite organization’s earnest efforts to understand and comply with this legislation, Forrester estimates that 80% will not fully-comply with GDPR rules in 2018.
What is the Impact on Digital Marketing?
In short, GDPR is forcing digital marketers to be more disciplined data managers. For years, organizations have compiled data from various sources to learn about consumers in efforts to influence their purchase behavior. Consumers have had little say in the matter, and even less of an understanding around how their information is used, traded or stored.
GDPR changes all of that.
Because of GDPR, marketers must ask for permission up-front, communicate clearly, and explain how information will be used. This is a major departure from current practices in which implied consent and often-unread user agreements rule the day. These changes could have a real impact on existing campaigns and ultimately reshape the future of the practice.
Marketers will also have a heavy hand in managing communications around the release of data records. Everything from how requests are offered, to how the information is contextualized will impact on organization’s reputation. Messages must be carefully crafted and accurately represent existing data management processes and remediation options.
What Can You Do to Get Ready for GDPR?
If you’re just beginning your preparations for GDPR, you’re behind but in good company. Many organizations are still working to get their systems in order to comply with GDPR mandates. Here are a few things you can do to start your journey.
What to do:
- Talk to your lawyer or other authority on GDPR practices
- Access your data collection points and evaluate your risks
- Review your options
- Implement solutions that address the challenges your organization face in complying with the new law
- Consider adding a Data Protection Officer to your organization to lead the charge toward compliance
Want to learn more about GDPR? Visit www.eugdpr.org for a closer look at the regulation, to get useful tips, and to find resources you can use throughout your journey.