Marketers have a major change on the way. The EU’s General Data Protection Regulation (GDPR) will be effective from May 25th, 2018. This change will be the one of the biggest upheavals in European data privacy laws over the last two decades.
Since 1995 the EU Data Protection Directive has been in place. Back then the internet was an infant, smartphones hadn’t been invented, etc. But the world as we know it today is very different. Therefore, the GDPR is a necessary change for the future, as a lot of the data privacy laws that were in place are now outdated or obsolete.
When the GDPR comes into effect, it is a regulation, not a directive, meaning that it will apply to the entire of the EU and is not subject to country-wise legislations. If non-compliance of the regulation occurs, sanctions have been put in place – 4% of worldwide turnover or in lesser degrees 2%.
Impact on B2B and B2C
At first the GDPR didn’t directly mention any B2B or B2C data, and so marketers thought business carried on as usual. This wasn’t the case. In accordance with the GDPR, the Privacy and Electronic Communications Regulation (PECR), also known as the ePrivacy Directive was brought in.
Although not finalised yet, it includes some crucial areas concerning electronic communications that will impact both B2B and B2C businesses.
The GDPR will encompass a lot more than the old EU Data Protection Directive, with social and instant messaging, IoT and email (web-based) being added to it.
This makes a lot of sense due to the rapid expanse of technology in the past two decades. So much data is generated from devices such as smartphones and tablets.
Cookies will no longer be mandate once the GDPR comes into effect. Customers can choose to opt out of them and can’t be prohibited from a website or a service for doing so. There are a few exceptions to this, such as with certain government sites which require personal data.
Soft Opt-In, which was active with the PECR, allowed businesses to send promotional messages to their existing customers. This remains the same with the GDPR but with a difference – the context of the messages needs to be limited to the product/services sale only. With this your businesses CRM needs to be updated with the full list of opt-outs.
Making sure to be prepared for the GDPR and ePrivacy Regulation is the key to being successful in the changing data landscape.
Start by making sure that all stakeholders know about the regulations to avoid the heavy fines. Review all processes that are predominantly data based, as detection, reporting and investigation of data breaches needs to be fast and specific, as any major delays can be fatal in terms of data pertaining to European customers/clients.