GDPR is a term that’s being heard a lot more as 2018 approaches. Businesses have been preparing for the past 18 months for its implementation – but what is it? Why do we need it? And what happens if you’re not compliant?
GDPR or DPA?
The General Data Protection Regulation (GDPR) will replace the Data Protection Act (DPA) 1998 when it comes into force on 25th May 2018. It builds on the same principles as the DPA when it comes to processing data but is more refined (and stricter), taking into account the pros and cons of the ‘big data’ world we now live in. The amount of data being created has skyrocketed since the introduction of social media and is far less structured than it ever was. More information about us is being recorded than ever before, and GDPR exists to protect the use of that data. You will still have the same rights to access your data and object to your data being used – but companies have a lot more hoops to jump through before they can use the data.
But Brexit?!
We all know our days as an EU member are numbered. However, that doesn’t affect GDPR. In fact, it doesn’t matter where you are in the world – if you are handling data of EU citizens you have to comply with GDPR.
By the power of GDPR
There are a few new elements included in GDPR. Individuals have some new rights and companies have to be far more careful over how they get and how they use their data.
Individuals now have the right to erasure of data (or the right to be forgotten), the right to data portability and the right to object to their data being used to profile them for marketing campaigns. They also have the right to withdraw their consent to data usage at any time.
Companies have a few more things to comply with:
- Consent: companies will have to prove that they have explicit consent from individuals to use their data in a given way. If the data relates to a minor they must have the authorisation of the parent or legal guardian. If consent is withdrawn, companies have 72 hours to remove the data from their systems.
- Accountability, reporting and privacy: companies will need to keep more accurate records of the data they hold and what it is used for, must inform individuals of their rights to data privacy, and must report any breaches in data security to affected individuals and their regulator within 72 hours.
- Data Protection Officers – larger companies must have a Data Protection Officer (DPO) appointed to ensure GDPR compliance
- Fines – the big one – companies can be fined 20 million euros or 4% of annual worldwide turnover (whichever is higher) for data breaches. On top of that, individuals can claim compensation for damages.
The effects on marketing
The biggest area of marketing that GDPR is going to affect is email marketing. Gone are the days where you could easily buy a data list and fire out emails and newsletters to thousands of people without a second’s thought. Now anyone wanting to market to individuals through email will have to comply with GDPR or face the rather large financial consequences.
Elastic can guide you through the email marketing process with some engaging designs and automation processes to make sure you’re targeting the right people in the right way. To find out more, please get in touch.