Editor’s Note: This article on what marketers need to know about GDPR appeared originally in Digital Marketing Magazine.
It is just over two months until the new EU-wide General Data Protection Regulations (GDPR) come into force. Starting May 25, 2018, organizations could face potential heavy penalties for misuse of consumer data in a bid to give EU citizens better control of their personal information.
According to a recent survey from the Direct Marketing Association, around a quarter (24%) of companies have yet to start a plan of attack, while only a little over half think that their organizations will be ready for the 2018 deadline. But what does the GDPR really mean for marketers and how can you take steps to address it now, so you don’t leave it too late?
What the GDPR means for marketers?
The purpose of the GDPR is to unify data privacy principles and practices across Europe, giving EU citizens more control over their data and increased capacity to dictate how organizations may use that data. If you have an EU data subject that you are marketing to, then regardless of where you are located in the world you will have to comply with the GDPR.
Previous EU directives addressing customer data were more like digital rules, and have been interpreted in many different ways by different EU member states – some countries, such as Germany, have much more restrictive interpretations of existing methods than others, like the UK. Conversely, the GDPR is a law, meaning that all countries will have to abide by it in the same way.
The GDPR is the most comprehensive law coming into effect for the last 20 years, and will affect every company in some way, shape or form. It will most certainly have a dramatic effect on digital marketers. To begin with, there will be a lot of confusion. Can you track someone using their data? Can you share this data with third parties? If a customer wants to leave, do they have the right of erasure, and will companies have to return certain data? At the moment, it’s a very grey area, especially as the definition of personal data has been expanded to include online identifiers such as cookies and IP addresses. However, it is also a chance for marketers to reassess the data value exchange between business and user, and I believe it will ultimately lead to better digital marketers.
What should companies do to prepare for the GDPR?
If you’re a marketer in any sector, it’s important that you are thinking about your current data acquisition and customer contact practices and how these need to be adjusted in order to meet compliance. Come May 25th, companies will need to show that they are working to comply with the regulations, and those found non-compliant could very well be hit with a substantial fine.