ONLY BY CONSENT
STRINGENT GDPR regulations will soon be landed on every business seeking to trade with residents of the European Union. Ventures large or small, located no matter where, will feel the pressure. GDPR, you ask? The EU’s General Data Protection Regulation is designed to enhance data protection for individuals and will take effect from May 2018. The stipulations are going to be far-reaching and failure to comply will have serious consequences.
GDPR means that consumers’ data can only be used or passed on after consent has been given. For this to take place the nature of proposed information exchange must be made clear to each target.
It is privacy by design, fuelled by the fact that around 80% of people have said they distrust companies when it comes to use of their data. Approaching 500 million have installed ad blockers.
The act states that: “Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.”
TIGHTLY GOVERNED
There will be new requirements for documenting IT procedures, performing risk assessments, rules on breach notifications and tightly governed insistence on a “less is more” approach.
Ramifications are likely to be extensive. Computer IP addresses, for instance, may well be classed as personally identifiable detail. Such redefining is bound to affect advertisers and marketers who routinely store and use this information as part of their web analytics or attribution.
Clients of marketing sector agencies will have to demand of them that GDPR rules are applied rigorously. How was the data collected? Where is it held? How is it secured? Who’s responsible? Client-agency contracts are bound to be revised.
Brand managers have started to ask their agencies about GDPR preparations, including how they would manage contravention and the subsequent fallout.
Wherever consumer intelligence has been purchased, the source will need to be transparent. Businesses dealing with particularly sensitive material or large volumes can expect a requirement to appoint data protection officers.
MASS CLEAROUT
A rise in awareness of the extent and nature of on-file information held should lead to mass binning of outdated, stale lowdown – and onwards to new banks of data that consumers have confirmed they’re happy to share.
Too much data will equate to substantial risks. No longer will detailed personal insights sit in aggregate form on the balance sheets of enterprise. Instead, businesses will have to make more effective use of less.
Change, or be charged, big-time. Huge fines are included in the new legislation. They could add up to 4% of an organisation’s global revenue.
GDPR will reshape the face of promotions and selling. Moreover, impending modifications to the EU-US Privacy Shield agreement threaten to complicate the situation further.
Those who get it right will be able to develop new opportunities for themselves. As for the rest, they could suffer debilitating consequences. No, Brexit will not offer a hiding place.
Return to MARKETING INSIGHT BLOGS or go to MAKING CONTACT
