GDPR, or General Data Protection Regulation, comes into effect on 25 May 2018. Now only little more than a month away, the huge changes this will make to the marketing industry cannot be overstated. Here’s the latest round up of everything you need to know about its impending implementation and the debates you should be following.
If you work in any way with customer data, you will not have failed to notice the frenzy taking place around GDPR and what it entails for multiple industries across the globe. Back in September, we explained that ‘GDPR is a piece of EU regulation designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy.’
One of the key features of the regulation is that even though it is an EU directive, GDPR ‘applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.’ This means even those companies based in the USA (or Britain after Brexit), who do not answer directly to EU law, will need to comply if their clients reside in the EU.
Marketing commentators have been following the developments of GDPR, and early this year the regulation featured high on many lists of ‘things to watch’ in 2018. Here at OTB we quoted The Drum as saying that ‘Friday 25 May 2018 will be a date etched in the history of digital advertising’ and ‘while the likes of Amazon, Google and Facebook are sitting quite pretty with tens of millions of registered users, the opposite is true for the swathes of ad tech businesses most people have never heard of.’
Presenting a huge challenge to organisations across the industry, time is now running out for companies large and small to ensure that they will be compliant with the new regulation. As a result of this, commentary surrounding GDPR has now reached fever pitch and so here is the roundup of some the key discussions taking place.
The Information Commissioner’s Office, the UK’s ‘independent authority set up to uphold information rights in the public interest,’ has provided a helpful guide to explain ‘the provisions of the GDPR to help organisations comply with its requirements.’ The guide is designed as a living document, so it is constantly being updated and expanded in a bid to provide the most up-to-date information available on key areas of the regulation.
Econsultancy has also provided an extensive list of sources for finding information on GDPR, including a report it has commissioned to specifically deal with the key information affecting marketers. By outlining the major implications for marketers, which include the need for transparent communications and understanding the new rights of individuals, the report provides ‘a clear action plan for how marketing teams can become GDPR compliant.’
For the Wall Street Journal (WSJ), one of the many aspects organisations might need to consider when making the shift towards compliance is the need for a data protection officer to join your team.
Although, as WSJ points out, ‘corporations have had two years to prepare for GDPR,’ only 58 per cent claim their firm has a ‘detailed and far reaching plan’ to comply with GDPR. Even if these firms can meet the deadline in time, remaining compliant will be an ongoing challenge that many organisations are ill-equipped to deal with.
WSJ points to an often overlooked element of the 88-page law. This states that if ‘European operations are vital to your company, and your firm has a database, in either electronic or paper format, of personally identifiable information on more than 5,000 European residents, GDPR stipulates your firm must hire a “data protection officer”.’ With relatively few professionals possessing the expertise needed to fulfil this position, the demand for such an officer is going to quickly outstrip supply, adding another headache and potentially large cost to organisations who need to pay premium to attract the talent they need.
Even though the initial deadline for GDPR is only around 6 weeks away, the saga will not be over on 25th May. Staying up to date with all the latest developments is crucial, as once the new regulation comes into place there will be case studies and precedents happening that can help to shape and mature your own organisation’s approach to GDPR.
One helpful forum of marketing professionals is Marketing Week’s GDPR webinar series, which has brought together influential industry names such as Steve Forde, director of online product and marketing at ITV, John Mitchison, director of policy and compliance at the DMA and Rob French, general manager for data privacy at Shell, to discuss how marketing departments are tackling compliance.
Whether your organisation is a multinational corporation or a local SME, GDPR will inevitably have an impact on your offering and methodology. By keeping up to date with the commentary and having the information you need in an accessible format, you can better undertake the final push needed before 25th May to meet the necessary demands.