As digital marketers, we will be all impacted by Europe’s data protection regulation taking place on May 25, 2018. It will undergo the biggest changes over the last two decades and will represent a cornerstone of the digital air. For this reason, I have decided to focus my new post on the European General Data Protection Regulation (GDPR). Moving forward the new regulation will change how businesses and public-sector organisations handle the information of customers.
According to Richard Henderson, Global Security Strategist at Absolute – “To describe the new rules as an update or a refinement in the data protection regime is not accurate – this is not a fine-tuning of the law. A far more fundamental change is taking place.”
In other words, what does it mean?
The GDPR is Europe’s new framework for data protection laws – designed to strengthen and unify data privacy across Europe but it will also provide greater protection and rights to individuals. It tackles the personal data exportation outside the EU. First and foremost, the GDPR aims to give authority to consumers over their personal data and to facilitate the regulatory environment for international business by unifying the regulation within the EU.
Who will be impacted?
Every European citizen will have the opportunity to institute the application of the GDPR and to assert the rights and guarantees the adequate support to any company (European or not) that
collects its data. The stakes are high as the matter is to force, in particular on the American and Asian giants, the application of the same binding rules as their more modest European competitors, as soon as the data of a European citizen are collected and processed – it includes all: VSEs / SMEs, multinational corporations, banks, insurance companies, online retailer, IT services companies, SaaS service providers, mobile application editors, etc. In 2017, there’s been an unprecedented amount of data breaches, including Yahoo, Xbox, Gmail, DocuSign, Verizon, and Deloitte.
All will be impacted by the GDPR when processing of personal data is carried out. It is a leading transformation in the way, the roles and the responsibilities were handled and the way they will be shortly reshuffled – so far controllers faced the major liability in any legal risks, and shortly controllers and contractors will be on an equal footing with sanctions for non-compliance. It is also worth mentioning that both private and public sectors are subject to the binding rules of the GDPR.
How the GRDP will impact corporations: Threat or opportunity?
In a recent study by Vanson Bourne where 625 IT managers from France, the UK, Belgium and Luxembourg were asked about “how do they prepare for the GDPR.”
The study highlighted the fact that 54% of companies have a limited level of understanding regarding the fines associated with the GDPR. Also, 17% of the companies admitted that if they faced these fines they would have to shut down and 39% of IT managers surveyed believe that these fines would lead to redundancies within their company.
In France, la CNIL (National Commission on Informatics and Liberty) was not authorised to go beyond than 150,000 euros for a fine. From May 2018, French regulation bodies will impose sanctions of up to 20 million euros or 4% of the company global turn over.
In addition, the enforcement of GDPR is perceived contrastively amongst Europe as 30% of the French companies see the GDPR as a priority, unlike 6% in the United Kingdom and 25% in the Benelux. Moreover, 8% of French companies consider the GDPR as not a priority compared to 20% in the United Kingdom and 11% in Benelux.
Six months ago, only 42% of companies in Western Europe thought they would be ready for the implementation of the GDPR.
Finally, 98% of organisations have implemented or are in the process of implementing a formal employee plan that will define the data security policy and what is expected from them regarding the management of personal data. It seems that despite some limitations, organisations are taking steps to raise awareness in the area of data security and take this issue seriously.
Despite, this dark picture, it is also important to highlight that GDPR will open up some major encouraging solutions for both B2B and B2C industries, such as:
• Effective email marketing
With GDPR, B2B data will be considered in the same way as B2C data: Opt-in is required (for registered businesses).
In other words, users will be prompted to opt-in to any marketing communications, and on the other hand, the organisations will need to be able to provide evidence that they are responsible for managing the data.
One of the positive impacts of GDPR is that companies will clean-up and fine-tune their current databases which will lead to a refined list of users who have opted into communications which are much more engaged, drive to higher open, click-through, and engagement rates for email campaigns.
• Increased customer confidence
Consumers are well aware that from May 2018, their data is valuable to companies. Ultimately, this new level of transparency will bring to the customers a degree of trust that will enable them to share more data with their favourite brands.
• Avoid data breaches
Under the new GDPR regulation, any data breaches should be stopped before their burst. Additional data protection and security regulation benefit both customer and the brand.
GDPR is at the heart of organisational changes and will enable any businesses through culture and processes transformations to be ready for the future.
In conclusion, GDPR is not only about draining and lengthy procedures, but it also leads to many occasions for great data and a more personal and bespoke relationship with customers. It’s also the chance for the marketing department to stand out and demonstrate that a new data strategy can enhance marketing ROI.