The new GDPR Law (General Data Protection Regulation) impacts all businesses. In this primer, Marc Stubbe (Managing partner at The CMR Agency), summarizes important facts about the new GDPR from the perspective of a marketer.
(If you want in-depth information about how GDPR affects you and your business, get Markedu’s Newsletter to receive an invitation to a free upcoming webinar)
On 24th May 2016 new EU legislation entered into force which requests companies and organizations to handle personal data in a different way. Here are some of the most important changes:
– Businesses must set clear targets for the use of personal data and should not collect more personal data than is necessary.
– Also, companies must prove that their clients have given explicit permission to use their data and that they understand what is happening to their data.
– Where personal data are processed for direct marketing purposes, individuals have been granted the right to object at any time to the processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
– Data breaches must be reported immediately
– Individuals have the right to transfer their personal data from one platform to another, from Whatsapp to Telegram or to Dappre and from LinkedIn to Facebook and back.
– Finally, there is the ‘right to be forgotten’: the obligation to delete customer data from the systems, if the customer asks for it.
Complying with many of these will likely represent some challenges for most companies.
Check also this slide deck for a more in-depth summary of important points related to GDPR
New GDPR Law is already in effect – but business has a grace period to comply
The rules entered into force on 24th May, this year already. Companies, governments, and other organizations have time to adapt their processes and procedures until 25th May 2018, after which the rules will be applied by the supervising authorities.
Who fails to comply with these rules by that time not only risk a heavy fine (administrative fines up to € 20.000.000, or in the case of a business undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher) but also negative publicity, loss of credibility and trust.
However, those who actively embraces the new GDPR law and regulation, will stand out, have a chance for renewed customer intimacy, be associated with ease-of-use for the customer and be able to reduce costs at the same time.
Whilst the authorities will enforce the new rules from 25 May 2018 onwards with fines, individuals can already now rely on the new rules in civil procedures. Thus there is an urgent need to act.