Are you ready for GDPR?

On 25 May 2018, the new General Data Protection Regulation (GDPR) will become effective throughout the European Union. This revolutionary data protection law is the first of its kind since 1995, and introduces much-needed strictures on companies’ collection, storage, and use of customer information. GDPR has been well-publicised, with a recent Econsultancy survey estimating that 67% of marketers are aware of its approach; but many companies are still unsure about the specific consequences of the regulation for marketing.

Simply put, GDPR requires marketing firms to document clearly what happens to the customer data which they store, and to make changes to the ways in which they go about collecting customer information in the first place. Companies are required to conduct regular internal privacy assessments; when seeking to acquire data, they must implement a policy of “privacy by design” by requesting clear and unambiguous consent (for example, in the case of email marketing or website sign-up forms) and by practicing so-called “data minimisation”, i.e. ensuring that only data which is absolutely relevant to the company’s purposes is stored while “nice to haves” – customer location and so on – are forgone.  

In May 2017, The Economist made the controversial but apt claim that personal data is now the world’s most valuable resource, even ahead of oil. To understand the rationale behind this declaration, consider the utter centrality of personal data not only in the marketing sphere but within retail and countless other sectors. The GDPR – a failure to comply with which could lead to fines of up to €20 million, or 4% of global turnover – is a necessary and important step in the regulation of this invaluable resource.