The General Data Protection Regulation, otherwise known as GDPR, comes into effect in Spring 2018. It will completely overhaul how every single business in the EU processes, controls and handles personal data relating to customers, clients, suppliers and employees.
With much tougher sanctions for breaching data protection rules, it is vital that every business fully understands the changes the GDPR will bring and is ready for them from the get go.
The following is outline to some of the key facts you will need to know to prepare for the arrival of the GDPR.
What is GDPR?
The GDPR is an EU-wide update of data protection laws created in 1995, which current UK law is based upon.
The new regulations will come into effect on 25th May 2018. In short, the GDPR will give EU citizens more control over how their personal data is collected, processed and used by businesses and other organisations. It will affect anyone who processes and controls data, which more or less covers every type of business.
Different operations and departments within a business will also have to be aware of how it affects their work, marketing teams included. Common marketing activities such as consumer research, CRM and targeted advertising will all be controlled by the new GDPR rules.
Why is it being introduced?
Current data protection laws pre-date mass use of the internet and digital media, and have been deemed unsuitable for an era where businesses can gather data about you every time you visit their website. The GDPR therefore extends the definition of private data to things like IP addresses, mobile device content and social media which businesses can use to profile and target customers through digital marketing campaigns.
Another key aim of the new regulations is to ensure data privacy laws are uniform across Europe, giving greater protection and rights to every individual's data.
What is changing?
Individuals will have much greater control over their personal data. For example, they will be able to ask businesses to disclose what data they hold on them, and request it be deleted if they wish. The GDPR also makes it a legal requirement that businesses make all data collection and processing opt-in, explaining the purpose clearly and giving people the option to say no.
Businesses must demonstrate how they are compliant with the GDPR by maintaining detailed data protection policies. These policies have to show that all personal data used by the company is:
- acquired lawfully and transparently, with the consent of individuals.
- collected for specific purposes.
- processed in a way that ensures the security of the data.
The requirement to collect data with full transparency will stop practices such as gathering contact details for a newsletter and then using them to send targeted adverts. People must be made fully aware that their data is being collected and how it will be used, with tight restrictions on permissible uses. Gaining consent is another key change marketers must look out for, as it is currently common to build and hold customer databases out of incidental data such as customer phone numbers when they call a contact centre.
Is it a good thing?
While the GDPR does mean that businesses will likely need to change their current practices in order to comply with the new regulations, overall the change will benefit both consumers and businesses.
Consumers will get full control over their personal data, making the online world a far safer place to navigate. It will also help to build trust between consumers and businesses. Businesses, meanwhile, have the opportunity to tighten up and rationalise data protection and security in an age when the threat from cyber criminals is growing rapidly.
It is worth noting finally that, despite the UK being set to leave the EU, the GDPR will still apply when it is introduced next May and beyond. Its main aspects have already been copied into a new UK Data Protection Bill, and the rules will also apply to any company doing business with organisations or consumers within the EU.
Ultimate Creative provide branding, web design, and digital marketing services across the UK. For more information, contact our team here.