What is GDPR and how does it impact marketing?
Jacob Beckley
EVP of Innovation & Product at Fusion92, Founder & Chairman of The Beckley Foundation. Founder of CURE Chain - Blockchain Healthcare, Founder of CURE - The Crypto for Good.
GDPR is considered the most significant change to data protection law in the past 20 years, and it's here as of May 25th.
The General Data Protection Regulation (GDPR) was developed in the European Union to give citizens back control of their personal data. Although the law was created with EU citizens in mind, it will have global implications for most companies that deal with the data of anyone who is a citizen of the EU. In short, if you process or retain any data that belongs to individuals living in the EU, you will need to adhere to the new law.
In a nutshell, consumers now have the right to “be forgotten.” This allows consumers to request that their data, incorrect or obsolete, must be deleted without delay.
What does this mean for US marketers?
Marketers must be cautious about how they deal with their customer data. This extends beyond their own infrastructure to that of their vendors and partners. The risks associated with noncompliance could be legal fines and lawsuits.
However, the GDPR does leave some things to interpretation. Companies are expected to provide a reasonable level of protection for personal data, but it does not go into detail about what “reasonable” means. Companies will need to navigate this risk in a way that complies with mainstream interpretation and their risk tolerance.
GDPR requires a notification within three days of a data breach to the EU communities along with a list of those affected and the data exposed.
What types of data are covered under GDPR?
In the new law, “data” is defined as basic identity information, location, IP address, cookies, device ID, health, children, religion, biometric, racial, ethnic, political and sexual orientation.
How can an organization prepare for GDPR?
Organizations must first assess what, if any, data they retain or process in their managed systems. They must then evaluate what data is necessary to their business to maintain their existing and new products or services. They then need to develop a process and plan for a data breach or a request to remove personal data. Finally, they must perform a vendor and partner audit to ensure that processes and procedures to adhere to the guidelines have been put in place.
Stay in contact
For more information on GDPR, or other tech trends and insights, follow @jacobbeckley.