One of the hot topics around London Tech Week this week has been the incoming European Union regulation called the General Data Protection Regulation (GDPR) and how it is going to impact digital marketing channels.
About the GDPR:
The General Data Protection Regulation is the biggest update to European data protection laws in a generation. Because it is a European Union regulation and not an EU directive that would provide for local adaptation, it does not need any local implementation to come into force on May 25th 2018. This regulation will be automatic across all EU member states including the UK, because on the 25th of May 2018 the UK will still be a full member of the European Union. Note to UK businesses: yes, the GDPR does impact your company, so start preparing now to avoid scrambling at the last second to comply.
Show me my Customers isn’t giving legal advice; we’re simply giving you the heads-up about the changes to regulation that you’ll need to adjust to by May of next year. The London law firm Harbottle & Lewis has written a good article on how the GDPR could play out after any Brexit agreement is completed, investigating the various possible scenarios for businesses that operate in the UK.
The UK Data Protection Act vs GDPR:
According to the UK’s Information Commissioner’s Office, the body that regulates data protection, many of the GDPR’s main concepts are the same as those in the current UK Data Protection Act (DPA). If your business is already complying properly with the current law, then most of your approach to compliance will remain valid under the GDPR. However, there are new elements and significant enhancements, so you will have to do some new things and other things differently.
For example, organisations will have to review their approach to governance and how they manage data protection as a corporate issue. This is because the GDPR places greater emphasis on the documentation that data controllers must keep to demonstrate accountability.
12 Action Points from the ICO:
The UK’s Information Commissioner’s Office suggests mapping out which parts of the GDPR will have the greatest impact on your business model and updating those areas with the level of attention they require in your planning process. The ICO has created a useful 12-step guide to getting ready for the GDPR that all businesses can use as a reference tool.
What if I am not a Business Headquartered in the EU?
You will still most likely need to comply if you are operating inside or selling into the EU, because your business operations and digital channels like your website will be inside an EU country collecting customer data. For example, if you are an American, Brazilian or Japanese company and you sell into any country in the European Union, you will need to be compliant with the GDPR because you are handling the personal data of EU citizens. Unfortunately, having your servers outside the EU doesn’t cut it, because someone inside the EU will be sending or accessing personal data and that is covered by the GDPR.
For businesses inside an EU member state, consult your country’s data protection regulator or a local data protection lawyer for more information. For businesses outside the EU, you can reference the European Union guidance or consult a local data protection lawyer who will be able to further assist you.
Rules & Regulations:
It’s important to stay on top of the rules and regulations that govern your business’s operations. We wanted to give readers a heads-up because this big change will also impact how you carry out your marketing activities, and flagging it now means steps can be taken to get your business ready in the months ahead of the GDPR’s implementation date of 25 May 2018.