Companies and organisations that use data at the centre of their sales and marketing activities – and that’s just about everyone reading this blog – will be impacted by the forthcoming EU General Data Protection Regulation (GDPR).
Yesterday (Monday 15 June), the European Council of Ministers gave its strongest signal yet that it was prepared to negotiate the detail of the GDPR with the European Parliament in order to try and reach agreement by the end of 2015.
Agreement between the European Parliament, Council of Ministers and European Commission now looks like a distinct possibility in November/December 2015 after which there’ll be a two-year transition period before sanctions begin to bite.
However, as the blogosphere went into overdrive, many critics were sceptical that this could be achieved in a 6-month time frame given that both sides will need to reach agreement on a wide range of data protection and privacy issues. However, what most commentators forgot to mention was that parties preparing to enter into an agreement (of any sort) need to be prepared to compromise – so as they say, where there’s a will, there’s a way!
How the GDPR fits into an overall framework of changes within the European Union
The Charter is an important development as it’s the first formal EU document to combine and declare all the values and fundamental rights (economic and social as well as civil and political) to which EU citizens should be entitled. The main aim of the Charter is to make these rights more visible. It is important to note that the Charter doesn’t establish new rights but assembles existing rights that were previously scattered over a range of international sources. Now that the national courts and Court of Justice of the European Union (CJEU) have to consider the Charter, it can be used to assist in cases where EU law is in issue, and clearly GDPR needs to be seen within this context.
A couple of weeks ago the EU outlined its strategy to create a digital single market. The thrust of the proposals included establishing standard rules for buying goods online, pruning cross-border regulations on telecoms and reducing the tax burden on business. The plan also calls for a “comprehensive assessment” of whether Facebook, Google and other internet platforms distort competition (aside from posing significant data protection and privacy risks).
EU Commission President Claude Juncker has promised to transform the EU single market for the digital age by removing regulatory walls, moving away from 28 national markets to a single one and generating €415 bn ($468 bn) a year for the European economy as well as creating 3.8m new jobs.
The call for reform isn’t simply politically motivated – many businesses from within and outside of the EU have been pressing for reform in order to compete across a level playing field rather than risk facing fines and penalties across 28 Member States that pursue their own competition, data protection, privacy laws and regulations.
It’s against this backdrop that GDPR is the final piece of the jigsaw that will create a very different picture of the European Union than exists at present.
What’s the big stuff that’s of relevance for marketers?
This can be summarised as:
This includes moves for explicit consent required for the use of data, the so-called ‘right to be forgotten’ and powers to take legal action against organisations that don’t respect these rights by complaining to the supervisory authority rather than going through the court system.
Portability of data
This is essentially about allowing users to extract in a structured format personal data from service providers and to move that personal data to another provider. This idea stems from what happens in the mobile telecoms sector and it’s about giving more say to individuals to decide what happens to their data in practice and being able to effectively make a choice in the market.
According to the European Commission this measure lowers the barriers to entry in particular to those markets which are currently dominated by very few big players.
In this area, the European Commission has studied in detail what some States in the USA have adopted in terms of data breach notifications and is convinced of the case for a federal approach across the EU.
This approach is consistent with what’s known as ‘protection of privacy by design’ which means it’s about marketers investing in good data protection practice and methods as early and as upstream as possible in the provision of goods and services.
The new emphasis on supervision and enforcement placed by the European Commission reflects the transition from an ex-ante to an ex-post data protection and privacy system.
Data protection and data breaches have become much more serious and relevant and currently within the EU there isn’t a credible set of enforcement rules and sufficiently dissuasive sanctions.
In fact, it’s very fragmented, where some countries have power to impose financial penalties and some countries don’t appear to have that power.
The change in supervision and enforcement draws from the experience of competition law. The level of fines (up to 5% of global turnover or €100m, whichever is the greater) is a maximum and will be applicable to the most serious violations of GDPR, where the principles of proportionality will apply, and this includes the impact of a data breach on users.
From a marketing and PR perspective, any breach carries the risk of damage to a company or organisation’s reputation so marketers must ensure that all data that is being used in marketing activities complies with the GDPR.
This is making it easier for citizens within the EU to complain about infringement of their data protection and privacy rights under GDPR. However, not everyone in the EU likes this and the Council of Ministers in particular aren’t keen but they could be won over to back this change as it’s a centrepiece of GDPR as drafted by the European Parliament.
The way it works:
Practical stuff for you to consider doing NOW
Don’t sit on your hands and adopt a ‘wait and see’ approach.
Imagine you’re a company and the data controller. You know that once the GDPR is approved, you’ll have a two-year grace period in order to ensure that all data protection and security procedures comply with the principles of the EU Regulation.
However, two years is a shorter period of time compared with the average length of most business and marketing contracts, so the implications of the GDPR take effect not at some distant point in time but from TODAY.
For example, all contract renewals and new contracts that entail personal data transfer or processing will need to have a clause in them that effectively says that once the new EU Regulation is passed, the third party has to supply to you within a set time frame its plans to become compliant with the GDPR.
Furthermore, you might need to re-negotiate the third party contract based upon those plans, due to cost and liability issues.
For example, we know there’ll be a statutory requirement to declare a data breach within a very short time frame, so the third party will need a formal process to tell you that they believe there’s a breach and this is what you have to report.
Timescales are short because it’s a two-company process. But who’s responsible if the deadline isn’t met?
The answer is simple – it’s you as the data controller!
What penalties do you accept, and what do you pass onto the third party in such circumstances?
This can only be done if it’s provided for in the contracts that you are entering today that have more than a two-year shelf life. Imagine if a data processor has a single data breach but the data is on multiple records. The fine will not be for one breach, but multiple breaches under the GDPR.
Original article published here.
Marketing Implications of the New EU General Data Protection Regulation (GDPR) – Part two.