What is the GDPR?

The EU’s General Data Protection Regulation (GDPR) is a new initiative about to come into force on May 25, 2018.

The regulation is designed to unify and clarify the disparate data privacy regulations across the European Union.

Essentially everyone will now be on the same page when it comes to data protection laws, with identical laws across the EU designed to protect citizens from organisations who could use their data illegally or irresponsibly. It will eliminate multiple rules and create a single, clear set of boundaries when it comes to how you can handle and treat customer data, including spamming and data mismanagement. It also creates recourse for consumers to access and understand the data organisations have on them.

Why is it happening?

Firstly this is to safeguard rapidly exploitable citizens from data misuse, but also for the sake of simplification across various nations and to better handle modern data issues in a simple uniform fashion. This is a ‘cloud conscious’ renewal of the outdated 1998 Data Protection: It is a modernised regulation to reflect the changing way we exchange our data for ‘free’ services such as facebook as well as a response to snowballing data profiles, targeted marketing and increased data mining efforts and techniques.

Who does it affect?

  • Business ranging from retail to IT to marketing and sales can all be affected.
  • The GDPR will apply to businesses of all sizes from the ‘Google’s of the world’ down to a 2 person marketing company.
  • You will be affected if you market with, share or handle the information of EU data subjects (even if outside the EU).
  • With Brexit still banging on, those dealing with UK customer data are included in this regulation.
  • Data ‘controllers’ and ‘processors’ need to abide by the GDPR in particular.

What will be happening?

  • A single set of rules will now govern how organisations deal with and treat customer data and will apply across the entire EU, meaning dozens of separate regulations will be replaced.
  • More clarity will be created over the legal environment in which both businesses and EU citizens operate.
  • Compliance will be vital and compulsory with large fines up to 20 Million Euros for breaches.
  • Most companies will need to appoint a data protection officer and ensure all of your business channels and partners are also GDPR compliant.

Business changes

This will not just affect IT. Sales and marketing will be affected greatly.

  • One of the main tenants is the need to have prospects, whether on your CRM or in a mailing list, double opt in to receive e-newsletters or EDMs for example.
  • Consent to receive communications will need to be recorded in an audit trail, with the onus of proof for consent back on the business (opt outs, assumptions and disclaimers no longer enough)
  • Collecting a business card or mailing list or scrubbing the web for email addresses will no longer fly when it comes to business communications.
  • Many businesses with CRM systems (especially with incomplete consent records) will need to reach out and gain consent once more.
  • If you are a data contoller or collector, you will need to very careful the new rules are followed and records kept, if you are a secondary processor of data, you need to ensure your controller and any third party is also compliant.

In a nutshell,  this will be a huge change for many companies, reshaping how sales teams prospect and the way your marketing activities are organised and executed.

Citizen power

This is also a reshaping of consumer rights in the age of big data. What are some of the key new EU citizen powers?

  • The right to be forgotten or removed from databases.
  • The right to access your data and request copies from organisations.
  • The right to be informed their data was gathered.
  • The right to correct faulty data.
  • The right to object to data processing.


So make contact with a specialist in this field, understand where you fit in all of this and ensure you are compliant or you will feel the sting!