With less than a year to go, the General Data Protection Regulation (GDPR) will be enforced upon businesses collecting personal data on the 25th of May 2018. Failure to comply with the regulation could result in a huge fine of up to 20 million euros or 4% of annual turnover – whichever is higher. Ouch.
So, what exactly does GDPR mean?
GDPR means that businesses will have to integrate many changes. Some changes will be relatively small, like not using opt-out (pre-ticked) boxes to obtain consent. Some changes will be larger, like giving the identity and contact details of the data controller, and in some cases, hiring a Data Protection Officer.
Some of the more general requirements of GDPR are to outline the purpose of the data collection and the legal grounds on which it operates, and to specify how long data will be held. The data collector must outline to the individual their right to erase or rectify their personal data and make clear to them their right to withdraw consent and to make a complaint.
- Data controller: Decides how data is processed.
- Data processor: Maintains records of personal data and processing activities.
The introduction of GDPR means that the top priorities for marketers should be to conduct impact assessments, give individuals more control of their data, and revise data policies.