Coming into effect next year, the GDPR will increase harmonisation across countries by providing one law for the protection of data, applicable to all businesses within the EU. The new directive will replace the existing Data Protection Directive to make Europe fit for the digital single market, changing the laws that control how users give consent to having their data stored by businesses.
The new directive will see businesses bearing the responsibility of assessing data risks and their own processes with data, creating a “One-stop-shop” and uniform data protection across the EU.
You might ask what underlies the key changes of the new GDPR directive. We see the intention behind the new directive as being three major concepts.
So, what does this mean for businesses involved in marketing, advertising and social media?
The GDPR will affect all businesses involved in direct marketing, and changing data policies in line with the GDPR regulations is a critical process for any business. It brings new categories of personal data definitions (which affect online businesses) and introduces new requirements around targeting online identifiers.
Profiling customers and direct marketing will be monitored, and you must be able to demonstrate that consent has been given. Silence, pre-ticked boxes or inactivity no longer count as consent, which makes providing more information about the terms of data collection a requirement of data management.
This category will be treated as personal data under the protection of European law, meaning companies will need to update policies, procedures and systems, incurring additional costs in doing so.
Fines will be implemented
Greater penalties will be implemented for not meeting the new regulations to guarantee businesses adhere to the GDPR and protect sensitive data. If a company is found to be in breach of any of the components of the regulations, alongside suffering damage to their reputation of course, they will have to pay 4% of their annual global turnover (this means revenue, not profits), or €20 million, whichever is greater.
You have just 72 hours after learning of a data breach to send a data breach notification to your national regulator. To ensure businesses do not find themselves in trouble, detailed research into the regulations should be carried out internally, and evidence should be provided to prove that the protection of customer data meets the requirements of the regulation, in case of inspection.
Securing customer trust
It is estimated that two-in-three Europeans are concerned about not having complete control of the information they provide online. The new GDPR directive will allow individuals easier access to their own data, as well as the right to be forgotten when they no longer wish to have their data processed, whilst providing access to detailed information on how businesses will collect and use their data.
New rights for individuals include:
- the right to have their data deleted (the right to erasure)
- the right to move their data to another organisation (the right to data portability)
- the right to object to the processing of their data, among others
The redefining of data protection policies will give customers a greater sense of security, helping to develop trustworthy, longstanding relationships between businesses and customers.
Starting this journey sooner rather than later will minimise the risk of a fine, bad publicity or even a legal process.
For further information about the new GDPR directive and how it will affect your business, check out "Getting to Grips with General Data Protection Regulations (GDPR)".