The recent report by the Data and Marketing Association (DMA) indicating that nearly half of all businesses will be unprepared for the new European Union General Data Protection Regulation (GDPR) has brought into sharp focus just how much marketers will have to increase their responsibilities when processing personal data. Duties that will become crucial range from weeding out any possible risks to privacy to scrapping non-compliant databases. There’s no doubt that for most companies there will be a lot of work. According to Zach Thornton, the DMA’s public affairs manager, the key to compliance will be reconnecting with your database.
“Reconnecting with your database is the most important single consideration in the run-up to GDPR. Marketers will need to reconnect with their customers and ensure that their consent statements or other ways they have collected personal data will be compliant under GDPR.”
This could lead to a big reduction in the data that marketers have at their disposal, which could in turn lead to a greater reliance on the likes of Google and Facebook for targeting and tracking. That reliance could also grow because some companies may find the cost of bespoke GDPR-compliant systems prohibitive. Simon Morrissey, partner and head of the data and privacy practice group at Lewis Silkin, says:
“We have noticed a significant uptick in GDPR-related inquiries this year, but many companies are reluctant to allocate sufficient budgets to their legal, compliance and IT teams to ensure that they are ready for the changes when they apply next May.
“This is resulting in significantly scaled-down GDPR compliance projects that are quite limited in scope and therefore increasing the risk of missing key gaps in an organization’s ability to comply with and demonstrate compliance with the GDPR.”
The key takeaways from the latest Data and Marketing Association report include:
- The GDPR is actually already in effect, and the deadline for complying with it in full is May 25, 2018.
- The fines for breaching the new General Data Protection Regulation are severe: €20 million ($22.5 million), or 4 percent of global turnover, whichever is higher. The European Union’s regulators have made it very clear that they intend to enforce these fines rigorously, especially against high-profile brands, as going after these will send a clear signal that all types of organisation have to comply.
- The definition of personal data includes cookies and IP addresses. This could be problematic for digital marketers.
- Advertisers must get specific, explicit and informed consent from European Union residents.
- The GDPR doesn’t just apply to organisations in the European Union; it applies to any organisation in the world that processes the data of European Union citizens.