EU Data Regs: The Elephant in the Room

2016-04-22-1461307768-1196836-elephant.jpg

By Andrew Bridges, Data Quality and Governance Manager at REaD Group

As the world's biggest brands and marketers descend on London for Advertising Week 2016 to debate the latest trends and most pressing issues, I wonder just how many will be discussing what is set to be the most impactful pieces of legislation to ever to hit the marketing industry. Very few, I imagine.

I’m talking about the General Data Protection Regulation.

If you haven’t heard of it, where have you been? The GDPR is a new piece of EU legislation that has been working its way through EU parliament for the last two years. A decision has finally been made and the regulation will officially come into play in 2018.

If you aren’t talking about it, then you need to start now. Like it or not, the GDPR will have very real consequences for any company trading in the EU that collects, holds or uses personal data for any purpose, not least for marketing. Whether you are a small independent agency or major global brand, preparation needs to begin immediately.

So what are the things you need to know?

Firstly, it is happening. There is no point in burying your head in the sand; GDPR is not going away and there are no loop holes. The regulation has been drawn up, approved and will be implemented in early 2018.

Secondly, it is compulsory. The GDPR is a regulation, not a directive. This means that it is law and anyone caught not complying will face legal action and heavy financial penalties. These are likely to be fines of up to €20m or 4% of a company’s annual worldwide turnover, whichever is greater.

Thirdly, there are new rules around consent. These are perhaps the most important changes that marketers need to be aware of. Under GDPR, organisations will be required to gain unambiguous and informed consent from individuals in order to hold and use their data. This means giving individuals clear preference options in marketing consent forms that allow them to choose exactly how their data will be used. Any data that is held without this level of consent, even if it was collected prior to the GDPR, will be considered illegal. Marketers will need to spend the next two years ensuring their databases are immaculate and consent forms equally as flawless. 

So where do you start? It seems like a big job, but taking a couple of simple steps should set you up on the right path.

  • Audit: Take a look at your data estate and get a good understanding what you have in terms of information, systems and architecture. Ask yourself how much of your data is opted in and fully permissioned for mail, email, phone or other? Any data that does not meet the consent criteria must be erased or consent sought.
  • Appoint: Assign an individual to be responsible for data protection and compliance within your organisation. Make it their job to ensure internal security and data privacy procedures are watertight. You will need to have accountability. Companies with over 250 employees will be required by law to employee a Data Protection Officer dedicated to this role.

Data will no doubt be the word on everybody’s lips at AWE this year.  But whilst opportunities and strategies will inevitably take centre stage, legislation will remain the elephant in the room. Data protection may not be sexy but with marketers increasingly relying on data to hone their practice, it certainly can’t be ignored.

Whilst getting all your ducks in a row may be a challenge in the short term, the GDPR will almost definitely be beneficial in the long run. The new regulation will mark a new era of openness, honesty and transparency in the marketing industry, enabling brands to only communicate with individuals as they wish to be communicated with. This will ultimately help foster more valuable relationships between brands and consumers to the benefit of both parties.