It stands for General Data Protection Regulation and it is a regulation by which the European Parliament intends to strengthen data protection for all EU citizens. Don’t ask me what affect Brexit will have, probably nothing in the shorter term as we expect it will be carried across into British Law anyway and when it comes into effect, the UK will still be in the EU!
When it comes into effect it will replace the Data Protection Act 1998, which was borne out of the data protection directive from 1995 that most marketers will have worked with throughout their careers so far. It was adopted on 27th April 2016 and applies from 25th May 2018 after a two year transition period.
The EU wants members of the public to have more control over how their data is used. We all know too well some of the stories in the press in the last year or two about lost data, usage of data and even the selling of data from one media company to another. If the legislation is stronger then enforcement measures are stronger and the digital industries can become more trusted over the coming years.
As I am mostly aiming this post at marketers, it is certainly senior marketers in any business who need to be fully up to speed on the new regulations and ensure there are controls and processes in place to ensure personal data is protected. It doesn’t matter what the type of business is or what sector it operates in, businesses will be far more liable under the new GDPR than they were under the Data Protection Act.
What Data ?
This is the interesting thing for me. The EU has expanded the definition of ‘personal data’ to even include online tagging such as IP addresses!
People’s rights ?
Anyone can ask to see the information that is stored against their name and can also ask questions such as how the information is used, how long is it kept for, who sees it. They can also ask for the data to be changed or deleted, in fact they fully have the right to demand that the data is deleted.
Businesses should prepare as early as possible. A Data Protection Officer should be appointed, data protection policies should be reviewed and form part of any business improvement programme. Technology should be assessed to ensure it is compliant and very importantly third party suppliers and partners should be reviewed to check that they are also preparing for the new GDPR!