What is GDPR?

We’re all concerned about our private and personal information falling into the wrong hands. From reducing unwanted sales calls, to preventing those with more immoral intentions, data privacy has been a hot topic for some time. The recent changes to EU data rules have been welcomed by some, and a source of stress for others; particularly those operating businesses reliant on customer data.

The GDPR – or, General Data Protection Regulation – came into effect on 25^th May 2018, and, by replacing the Data Protection Directive 95/46/EC becomes the biggest change to data protection laws in 20 years. It governs an organisation’s ability to process and store information, and although an EU regulation, has implications worldwide.

The previous directive was established in 1995, and the world – technology in particular – has gone through many changes since. The recent change to the data protection regulation makes it more relevant to the world we live in today, which has become significantly more reliant on data and technology.

The changes reach into the work of all those handling personal data, such as IT specialists, legal teams, accounting firms, and more. But how will this new regulation change things for Marketing and Communication professionals, and those preparing to enter the field?

The aims

The GDPR applies to personal data, which refers to ‘identifiers’ such as name, location, or even online information, of an identifiable person. In short, the new regulations place more power in the hands of the public whose data is at risk, with increased scope which stretches beyond EU borders, and threatens heavy fines for those in breach of the terms.

For example, one primary change regards consent; the conditions have been strengthened, preventing companies from using vague or unintelligible forms, and demands clarity and accessibility where data processing is concerned. In particular, this means express consent should be declared in the first instance, rather than allowing you to ‘opt out’, and that it should be equally easy to give consent and withdraw it.

In addition, Article 17’s Data Erasure rules, otherwise known as the ‘Right to be Forgotten’, may see the mailing lists of many companies initially shrink in size if permissions are not acknowledged, or withdrawn.

The implications

With an increased scope, the new regulations mean that, regardless of the location of a company, if it is processing the data of someone residing in the EU they must abide by the new rules set out by the GDPR, and should appoint a representative in the EU. This had immediate repercussions, with the LA Times website becoming unavailable in Europe as the regulations came into effect.

In particular, these new regulations are forcing sales and marketing teams to be very careful in how they conduct themselves. Allowing individuals to be in control of who holds their data, and which data they hold is certainly a good thing, however it will have a strong impact on the way sales teams find and pursue leads, unable to rely on many tried and tested old methods which breach the new regulations.

The future of marketing best practice will also face fresh obstacles; a Chartered Institute of Marketing survey showed the percentage of consumers who don’t trust brands to use their data responsibly is 57%; a further study proved 41% of marketers admit to not fully understanding the law around personal data. With companies facing the possibility that their data sources may suddenly vanish, how will they rise to the challenge?

When previously asked, only 3% of companies reported they were ready for GDPR to come into effect. However, the European Commission’s website states that: ‘Companies will benefit from a level playing field.’ Some would argue that marketers are in the ideal position regarding the regulations, as they are most suitably placed to establish a dialogue with consumers, and judge what they are willing to tolerate.

Some companies – mostly those processing large, or specific quantities of data, such as criminal data - will have a mandatory requirement to appoint a DPO (Data Protection Officer). This does not necessarily need to be an in-house position, however the requirement for Data Protection Officers may see the creation of new positions within many companies. Those in the driving seats of brand reception, such as Chief Marketing Officers, will benefit from working closely with these independent regulators to ensure compliance, and convey that theirs is a brand to be taken seriously.

Though whilst the early stages of the new regulations may create some teething issues, there are certainly positives to be garnered from the change: perhaps one positive is that marketing materials should reach a more invested, interested audience, and sales leads will be much stronger prospects. The clarity demanded by the regulations goes both ways, and companies can confidently target leads with stronger, tailored content. Despite the fears held by many, could this see a marketing golden era?

The future

So how will companies grow and maintain their data, and achieve the advantage moving forward? One thing that can be relied upon is that this new shake-up will demand strong, well-planned strategies, and instigate some creative solutions.

If you’re ready and willing to face these new horizons in your career, consider BA (Hons) Business Management (Marketing) or MSc International Marketing to learn the ropes, and help shape the future of marketing and communications.