GDPR – A New Era For Data Protection

Well, there you have it. The laws are in and you will no longer have to see those annoying spam GDPR emails from those companies you didn’t realise existed.  The 25th May 2018 saw the single biggest overhaul of data protection of our time take place. All the frantic scrambling taking place in many businesses was simply the implementation of these regulations.  This can only mean one thing – a new era for data protection.

What Is GDPR?


If you’ve been living under a rock for the past few weeks, let me explain it quickly. The General Data Protection Regulation (GDPR) is a replacement for the Data Protection Directive. This is a regulation in EU law regarding data protection and privacy for all individuals within the European Union. It addresses the export of personal data in the EU.

The two main objectives of GDPR:

  1. Give citizens and residents back control of their personal data.
  2. Simplify the environment for international business by unifying the regulation within the EU.

How is this being enforced? Instead of hundreds of pages of legal documentation outlining the terms and conditions of a business’ data practices, companies will need to create clear notices and get unambiguous consent from a user.

What does GDPR mean for my business?

The simple answer is that it means a lot. Any company, big or small, will have to comply in some way with new regulations regarding the secure collection, storage, and usage of personal information.

Does your business have fewer than 250 employees? You will not be bound by GDPR… well, kind of. If the processing carried out is likely to result in a risk to the rights and freedoms of data subjects, you could still be fined for failure to comply.

Your employees could ask you to disregard their data if they wish, within reason. You will obviously need to keep basic information such as their banking info, name, and their address. This is essentially so they can be paid unless they want to work for free, I guess? 

Breaches of data security must be reported immediately to data protection authorities such as the Information Commissioner’s Office (ICO) in the UK. Ideally, breaches should be reported within 24 hours if possible but at least within 72 hours. Failure to do so means a hefty fine.

What fines are there?

You will get either a cool invoice bill of up to £20 million in the mail or a lovely cut of 4% of your global sales. Pocket change.

So it only counts for EU citizens?

While every EU citizen is bound by this law, any company that operates within the EU will be subjected to GDPR. If a company doesn’t operate in the EU, though, it obviously doesn’t need to comply.

Do you think this will affect the advertising/marketing industry?

Data is probably the most effective tool in the industry, so yes. Data is used to predict ratings, impressions, clicks etc. It is used to paint a unique picture of a consumer’s spending habits and interests. So yes, there’s little doubt that GDPR is going to shake up the digital marketing landscape. So it is important for businesses to ensure they have implemented the changes necessary to comply.

Granted there are a lot of brilliant things that consumer data can offer the marketing and advertising industry. However, hackers also have nefarious motives to get their hands on this information. So it’s important to remember that it isn’t about making life difficult for businesses, it’s about making it difficult for criminality to prevail.

Steps towards compliance

I’m guessing most of you will have already taken these steps but if you haven’t you should determine if and how you will be affected. Analyse your processes of how data is:

  • Collected – get the specifics of your opt-in statement right.
  • Recorded – this must be provable.
  • Stored – privacy and safety are paramount.
  • Retrieved – the data subject has the right to request access to data stored about them.
  • Disclosed – you must be transparent about who you share details with and share responsibility with any third parties.
  • Erased – the data subject has the right to be forgotten.

In Conclusion…

It’s important to remember that the language we use can dictate the conversation. Meaning that humans are highly adaptable and changes will be constant in this digital world in which we currently reside. With the possibility of a slow-down in the progression of marketing, ensure your business is ready to adapt in order to tackle this. Don’t just accept it, do what you can in order to drive business development and sales.

Don’t forget that many users don’t want to change the conveniences they have adopted in their lives. The frequent use of sites like Google, Facebook and Amazon means that the data at our disposal, which we use daily in our work practices, probably won’t go into complete lockdown as feared. Essentially, there shouldn’t be too much of a change; it will just be a safer environment for everyone involved!