The new European general data protection regulation: The end for digital marketing or new opportunity?
In May 2018, the European General Data Protection Regulation (GDPR) will come into force for all European Member States. Its aim is to harmonize the data protection law established in the field of economy, and to adapt that legal framework to the Internet. Many believe it is the greatest upheaval in the history of the digital advertising market.
By guest author Christopher Reher, Programmatic Consultant at Platform161
For the first time, the GDPR creates a uniform European-wide legal framework for the processing of personally identifiable information (PII), which almost all data traffic is subject to. And this is valid not only for data within the European single market, but also for any that is passed beyond the EU. But as well as challenges, the GDPR also presents a great opportunity for the entire digital market. For the first time, all market participants will have a binding and reliable legal framework for a fair market environment. And all companies within Europe will have to comply without exception.
CONSUMERS GET CONTROL OF THEIR DATA
The introduction of the GDPR also means major changes to existing law. With the “Data Privacy by Design” directive, companies will be obliged to design data collection processes in a way that collects or processes only relevant PII data. Any additional data without relevance to the actual process may neither be processed nor archived. In the long-term, this will lead to more of a focus on only using essential data, giving the market the chance to make complicated and complex processes and systems more efficient. Products will have to be adapted to be more precise and individual, and to produce less expensive data waste.
With “Data Privacy by Default”, the user will have control over the use of her data, and “Data Privacy” will be the default setting of any browser, or other front-end used to access the internet. In other words, full data protection settings much be switched on by default. The user should then be able to decide independently which applications or websites she makes her data available to.
SIGNIFICANT PENALTIES FOR SMALL AND LARGE COMPANIES ALIKE
Prior to GDPR, businesses had numerous options to evade European data protection regulations, or at least to mitigate their effects. With the introduction of the GDPR however, these loopholes are closed for the first time, because of its European-wide validity. In addition to that, for the first time, companies that do not comply with the GDPR will face considerable sanctions. The penalties imposed can amount to four percent of worldwide annual gross sales or up to 20 million Euros. Fines like this could give even companies as big as Google, Facebook or Microsoft something to think about. And another step the authorities will be able to take could be even harder hitting: failure to comply with the new regulation may result in an immediate, temporarily stop to the collection, storage, processing and use of all data – and with that, the immediate disruption of whole business models.
HOW COMPANIES CAN START PREPARING FOR THE EU-DSGVO TODAY
Companies can and should already be preparing themselves for the introduction of the GDPR on 25 May 2018. That ground work includes careful analysis and documentation of your existing collection, storage, processing and use of data, as well as that of outsourced service providers and contractors. Having a data protection officer in place could also be a decisive advantage. In the long-term, she will be responsible for ensuring that the current guidelines are known and integrated into the company’s processes on time. Continuous training courses should also pass on her data protection expertise to employees, and ensure that everyone is fully informed about how to comply with the GDPR.
Those with servers located outside of Europe should plan ahead and relocate them as soon as possible, excluding the UK due to the upcoming Brexit.
About the author:
Christopher Reher started his career as a project manager and lead in classical display and search engine marketing. Subsequently, he completed his previous experience with the study of jurisprudence as a Diplom-Jurist with a focus on information and communication law. He currently uses his knowledge of IT and data protection law at Platform161 and is a consultant for national and international clients. Platform161 is the leading specialist for tailor-made DSP connections and develops individual algorithms for advertisers, agencies, and publishers. Based on a detailed analysis of an existing infrastructure, Platform161 creates ecosystems tailored to the customer’s needs.