Act now on general data protection regulation
IN April the European Commission approved tough new data laws – the General Data Protection Regulation (GDPR) – which will come into force in 2018.
It's a major shake-up: more than 200 pages of major reforms will introduce concepts such as the consumer's ‘right to be forgotten'; raise levels of verification for opt-in consent; demand that companies store consent permissions; and make unapproved data unusable. Companies that don't comply could be fined up to 4 per cent of their global turnover, or €20m.
According to Henley Business School, the new statutes are “a huge threat to business continuity for the marketing sector in the UK”.
Maybe, but the laws should not be a surprise for marketers. It has taken four years of discussions to reach this point, but even if businesses have remained unaware of the path towards legislation, few can have missed the fact that the uses and abuses of customer data have been a hot topic for years.
Something was always going to be done at some point, especially as the EU data protection directive, which the new laws will replace, was written in 1995 – it is essentially a relic of a pre-internet age, and certainly not fit for purpose in this time of social media, cloud computing and the Internet of Things.
The GDPR will bring definition, clarity and accountability to data practice. Much more than bringing in a code of ethics, it will enforce transparency and create a legal framework around the ‘single digital market'.
For many marketers, it is likely to signal upheaval. All private and public organisations operating within the Eurozone that hold 5,000 or more customer records will have to assess and change their approach to the data they hold. GDPR will also affect global supply chains – for example, companies in India that hold data about EU citizens must also conform to the new laws.
For some companies, it could mean a laborious and expensive appraisal of data they – or their outsourced suppliers – already hold. For others, it will necessitate a radical overhaul of the way they do business.
Marketers will recognise that the new regulations reflect a growing demand for reform among consumers, and the hope of putting an end to headlines about data breaches by household-name brands. But knowledge isn't enough. Compliance advice from the Information Commissioner's Office needs to be acted upon now.
On the issue of Data protection now is the time for marketers to act.
This is why CIM Ireland is hold a seminar on marketing in the digital world on July 20 in Belfast, covering intellectual property, copyright and data protection changes. It is free to members and open to non-members.
Social media (protection and promotion) will also be a key theme of CIM's free August event at the Ulster Grand Prix on August 9 at 8am, looking at the lessons business people can learn from sport promotion. You can book your place by visiting: regions.cim.co.uk/Ireland/home
:: Carol Magill is CIM Network Manager for Ireland.