So, one might ask “is all the hype over EU General Data Protection Regulation a similar over-the-top reaction?”
In short – NO!
Despite the thousands of column inches attributed to the implications of these legislative changes that came in to force on 25 May 2018, over 50% of SMEs and over 30% of large companies were unprepared for the introduction of some of the most important laws affecting businesses’ sales, marketing and IT activities. Many of these still have not taken the steps to comply.
And just to be clear, these are not new guidelines – they are now the law; and the maximum penalty for flouting them is Eur20m or 4% of worldwide turnover, whichever is the higher – easily enough to put many SMEs out of business!
Every company that collects or processes personal data on an EU resident is affected. And the GDPR definition of “personal data” is much wider than the old DPA one, including for example, monitoring the behaviour of EU residents by tracking their digital activities. Effectively, that could include pretty much all companies’ websites and/or apps. Also included are any data that can be used to identify individuals – personal and company emails, IP addresses or still or video images for example. So it’s difficult to see which companies aren’t affected.
GDPR is a fundamental change in the way that data collection.
and use is regulated. Historically we have been used to relatively straightforward laws and low levels of enforcement; GDPR probably has the most onerous personal data laws and penalties in the world.
Of course, that means enhanced compliance procedures and processes – not only are companies forced to apply the new laws, but they must also be able to demonstrate that they are compliant. This in turn has wide implications on IT for example how data are stored, indexed and transferred.
But equally important are the implications for Sales and Marketing, who need to adopt an entirely customer centric attitude; many need to completely rethink the ways they collect and use customer and prospect information, paying heed to the new, exacting requirements of consent and privacy.
“Won’t everything just get back to the old ways after we leave the EU?” ….NO!
Clearly, for companies wishing to trade in/with the EU, the new laws will be in force (and enforced). For others continuing to trade within Britain and non-EU countries, cyber security and data privacy is viewed as being so important that we’ve committed to continuing to adopt into UK law the principles of GDPR – post Brexit.
May 2018 may have passed without crisis – but our advice is don’t delay – GDPR affects all companies that hold any personal data. Assess whether you need external help and start planning now.
Colin Jupe
Certified GDPR Practitioner
Copyright © 2024 Marcom (Marketing Communications) Ltd. All rights reserved.
Cookies & Privacy Policy. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Sorry, the comment form is closed at this time.