Data protection laws - what are the implications?
(Posted on 06/07/17)
In 2018, proposed tougher EU regulation laws, known as the General Data Protection Regulation (GDPR) will come into effect. These come as a direct result of the need to replace the EU data protection directive, formed in 1995 when the Internet was still in its infancy, as the web poses an ever greater risk to data protection. The 200 page document explains how companies need to be more transparent with what they do with personal data, while giving individuals more control over their information. It also covers new concepts such as the ‘right to be forgotten’, data portability, data breach notification and accountability. But what do these changes in data protection mean for the marketing sector?
You will be required to implement security measures and notify users/controllers of any breach.
Some definitions will evolve under the new regulation. For example, ‘personal data’ will now be clearly defined as anything that identifies an individual, such as location data or ID numbers.
Data Protection Officers
You are required to appoint a Data Protection Officer wherever your activities “require regular and systematic monitoring of data subjects”. DPOs can be employees or third-party consultants, but must have authority to act independently and report to senior management.
The GDPR greatly increases the level of transparency that data processors need to operate under. More comprehensive information must be provided to users when collecting their data and the purpose for collecting data will have to be fully explained.
Failure to comply with the GDPR could lead to some pretty eye-watering fines - €20m or 4% of global revenue, whichever is the higher being the maximum level. The level of fine depends on factors such as intention, cooperation and quality of data practices.
Detailed information, including the potential impact of Brexit, can be found here General Data Protection Regulation.