All you need to know about GDPR
GDPR, or General Data Protection Regulation, comes into effect on 25 May 2018. Now only little more than a month away, the huge changes this will make to the marketing industry cannot be overstated. Here’s the latest round up of everything you need to know about GDPR.
A reminder about what GDPR entails
If you work in any way with customer data, you will not have failed to notice the frenzy taking place around GDPR. It is a huge game changer for industries across the globe. Back in September, we explained that ‘GDPR is a piece of EU regulation designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy.’
One of the key features of the regulation is that even though it is an EU directive, GDPR ‘applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.’ This means even those companies based in the USA (or Britain after Brexit), who do not answer directly to EU law, will need to comply if their clients reside in the EU.
Marketing commentators have been following the developments of GDPR. Early this year the regulation featured high on many lists of ‘things to watch’ in 2018. Here at OTB we quoted The Drum as saying that ‘Friday 25 May 2018 will be a date etched in the history of digital advertising’ and ‘while the likes of Amazon, Google and Facebook are sitting quite pretty with tens of millions of registered users, the opposite is true for the swathes of ad tech businesses most people have never heard of.’
GDPR is presenting a huge challenge to organisations across the industry. Time is now running out for companies to ensure that they will be compliant with the new regulation. As a result of this, commentary surrounding GDPR has now reached fever pitch! Here is the roundup of some the key discussions taking place.
Know where to find the information you need
The Information Commissioner’s Office, the UK’s ‘independent authority set up to uphold information rights in the public interest,’ has provided a helpful guide to explain ‘the provisions of the GDPR to help organisations comply with its requirements.’ The guide is designed as a living document. It will frequently be updated and expanded in a bid to provide the most up-to-date information available.
Econsultancy has also provided an extensive list of sources for finding information on GDPR. This includes a report it has commissioned to specifically deal with the key information affecting marketers. It outlines the implications for marketers, which include the need for transparent communications and understanding the new rights of individuals. The report provides ‘a clear action plan for how marketing teams can become GDPR compliant.’
Make space for a new team member
For the Wall Street Journal (WSJ), one of the many aspects organisations might need to consider when making the shift towards compliance is the need for a data protection officer to join your team.
Although, as WSJ points out, ‘corporations have had two years to prepare for GDPR,’ only 58 per cent claim their firm has a ‘detailed and far reaching plan’ to comply with GDPR. Even if these firms can meet the deadline in time, remaining compliant will be an ongoing challenge. Many organisations are ill-equipped to deal with this future issue.
WSJ points to an often overlooked element of the 88-page law. This states that if ‘European operations are vital to your company, and your firm has a database, in either electronic or paper format, of personally identifiable information on more than 5,000 European residents, GDPR stipulates your firm must hire a “data protection officer”.’ There are relatively few professionals possessing the expertise needed to fulfil this position. The demand for such an officer is going to quickly outstrip supply. This will add another headache and costs to organisations who need to pay premium to attract the talent they need.
Stay up to date
While the initial deadline for GDPR is only around 6 weeks away, the saga won’t end on 25th May. Staying up to date with all the latest developments is crucial. Once the new regulation comes into place there will be case studies and precedents set. Learning from them will help to shape and mature your own organisation’s approach to GDPR.
One helpful forum of marketing professionals is Marketing Week’s GDPR webinar series. It has brought together influential industry names such as:
- Steve Forde, director of online product and marketing at ITV
- John Mitchison, director of policy and compliance at the DMA
- Rob French, general manager for data privacy at Shell
They will discuss how marketing departments are tackling compliance. Have you got your place booked in?
GDPR will inevitably have an impact on your offering and methodology, no matter what size business you own. Make sure you keep up to date with the commentary and have the information you need in an accessible format. This will help you better undertake the final push needed before 25th May to meet the necessary demands.
