This is the Big Data age. There is more data in existence than ever before, and every mouse click, social media like and online review creates its own unique data stream. Given that we live so much of our lives online in 2018, much of that data is pretty personal, so it goes without saying that data protection is something that needs to be taken extremely seriously.
It is also, however, something that can be a huge headache for businesses and digital marketers, especially given the upcoming introduction of the new EU General Data Protection Regulation (GDPR), which comes into force in May 2018.
The question is, do you know what effect the GDPR will have on your practices?
And are you ready for it?
If not, Indy can shed some light on what it is and what it’s going to mean for your marketing business.
Getting your head around the GDPR
The General Data Protection Regulation has been four years in the making and will replace the existing Data Protection Act (DPA) from 1998. It brings tougher fines for non-compliance and harmonises data protection law across the EU.
This is not an EU Directive, which the UK can then apply through its own laws. It’s a regulation. It comes straight into force, across the EU – and even though we’re due for Brexit, we’re still a part of the movement at the moment, so it still applies to us here in the UK.
The main driving force behind the new regulation has been the increase in digital and online data. Twenty years ago, the virtual world was a very different place. The original DPA is no longer fit for purpose and needs to be updated to reflect all the tools and technologies that help us store, collect and manage our information.
What are the implications for digital marketers?
The regulations state that data must be processed lawfully, transparently, and for a specific purpose. They also make it clear that once the purpose of the data has been fulfilled and it is no longer needed, it must be deleted.
There are various interpretations of “lawfully,” but from a digital marketing perspective, the one to focus on is that the subject needs to have given lawful consent.
We are all familiar with the existing rules whereby anyone that gives us their data must be given the opportunity to opt out of having this information used for marketing purposes. But one of the most fundamental changes under these new rules is that this is no longer sufficient. Pre-ticked consent boxes will no longer do the job, and subjects must specifically opt in to the arrangement.
The rules regarding transparency and using data for a specific purpose also mean that marketers can no longer use a blanket consent for general marketing. There needs to be a specific opt-in form for each type of channel, and for every purpose that the data will be used for, such as marketing, analytics, profiling and sharing. For the latter, companies will also need to tell customers which third parties they intend to share their data with.
It’s up to us to implement better, stronger data security measures
The existing DPA has always stressed the importance of data security, and the new GDPR takes it equally seriously. As the data holder, you have a legal responsibility to store data securely and to use adequate and appropriate instruments to ensure its protection. For digital data, this means choosing secure servers, implementing encryption, using strong passwords and making use of restricted access if you need to.
Penalties for offenders
This is the bit that’s striking fear into the hearts of digital marketers across the country! The GDPR will have harsh penalties for non-compliance that are enough to severely damage or even destroy any business. If you’re found not to have followed the regulations to the letter, you could face a fine of up to 4% of your revenue, or 20,000 euros, depending on which amount is greater. If the breach isn’t as severe, the fine may be reduced to 2% of revenue, or 10,000 euros – but that’s certainly enough to throw you off course if you’re an SME.
Our advice? Make sure your company is prepared for the challenges ahead. Smart Insights has put together a fantastic guide on the practical steps you can take to comply with the new legislation. There are plenty of resources here and it’s well worth a read if you’re only just starting to get to grips with the GDPR.