Join David Booth for an in-depth discussion in this video Understanding GDPR and its impact, part of GDPR for Marketers.
- The General Data Protection Regulation is a European law that assigns rights to an individual's personal data. And while it was passed in April of 2016, enforcement is effective as of May 25, 2018. Now I know what you're thinking. "But I'm a marketer, and I'm not in Europe. So what does this have to do with me?" Unfortunately, and this has been a pretty common misconception, the answer is probably a whole lot. While the GDPR applies to the collection and processing of personal data of European Union residents, it can be enforced with some huge fines against any organization anywhere in the world that happens to touch the personal data of anyone inside the borders of the EU.
In fact, these fines can be up to 4% of your annual global turnover, or 20 million euros, whichever is greater. And the GDPR defines personal data very broadly. Much more broadly than many marketers are used to under familiar working definitions of PII or Personally Identifiable Information. PII is not the same as personal data. And the GDPR widens the definition of personal data to include some pretty common non-PII things, like anonymous IDs and cookies.
So no matter where you are, if you have nothing more than a website that could possibly be accessed by someone inside the European Union, or you have any modern web analytics or tracking tool installed, then the GDPR applies to you. If this comes as a bit of a shock, you're not alone. Forrester has predicted that 80% of companies will fail to comply with the GDPR in 2018. And since this has technically been the law for over two years, before the enforcement date, any grace periods or leniency is tough to justify.
As a marketer in today's reality, the simple fact is that you're collecting, storing, and using personal data as a matter of course. The GDPR means that you'll have to take some extra steps to ensure compliance, specifically when it comes to anyone you interact with located inside an EU country. And while GDPR is there to protect European residents now, other regions of the world are crafting their own rules and regulations that will very likely adopt many of these very same provisions.
So many are seeing this as a wake-up call and taking a conservative approach that will serve to protect them long into the future. Keep in mind that the GDPR applies to all of your vendors and technology partners as well. If you're using just about any digital marketing technology anywhere in the marketing or advertising technology stacks that allows for the targeting of digital ads, for example, then you'll be responsible for ensuring that any personal data is compliant as it flows from system to system and vendor to vendor.
The GDPR is a big deal, and it's an even bigger topic. It will touch many functions within an organization. But here, we're going to focus on the most important aspects of what the GDPR means to you as a marketer. I'd encourage you to connect with all the other teams and groups within your organization that are dealing with GDPR, and if your organization hasn't yet started looking into this, well, it's definitely time to sound the alarm.
- Define “personal data.”
- Name three data subject rights provided by GDPR.
- Recall the steps that need to be taken to comply with GDPR.
- Explain “privacy by design.”
- Identify the responsibilities of a data protection officer.
- Recognize the steps required to audit your data and processes.