Simply put, GDPR requires marketing firms to document clearly what happens to the customer data which they store, and to make changes to the ways in which they go about collecting customer information in the first place. Companies are required to conduct regular internal privacy assessments; when seeking to acquire data, they must implement a policy of “privacy by design” by requesting clear and unambiguous consent (for example, in the case of email marketing or website sign-up forms) and by practicing so-called “data minimisation”, i.e. ensuring that only data which is absolutely relevant to the company’s purposes is stored while “nice to haves” – customer location and so on – are forgone.
In May 2017, The Economist made the controversial but apt claim that personal data is now the world’s most valuable resource, even ahead of oil. To understand the rationale behind this declaration, consider the utter centrality of personal data not only in the marketing sphere but within retail and countless other sectors. The GDPR – a failure to comply with which could lead to fines of up to €20 million, or 4% of global turnover – is a necessary and important step in the regulation of this invaluable resource.