Two new data protection & privacy regulations coming in 2018

You may have read about the General Data Protection Regulation (GDPR), which will take effect in May 2018. But now there's a second privacy-related regulation on the horizon. The European Commission presented its formal proposals for the new ePrivacy Regulation on Tuesday 10th January.

Since the last ePrivacy Directive was created, back in 2002, there's been an explosion in the worlds of digital technology and data. So the new Regulation is much needed to catch up with the all the changes we've seen and provide a sound framework for privacy in the future.

A few highlights of the ePrivacy Regulation

ePrivacy will be a Regulation and not a Directive. Therefore it will be adopted in full across all EU member states and not adapted to suit each country, as has happened in the past for EU Directives.
It's broad scope covers the processing of electronic communications data, regardless of whether that processing takes place within the EU or elsewhere. It applies to OTTs (Over The Top) service providers such as:

  • WhatsApp
  • Facebook Messenger
  • VoIP (Voice Over IP) service providers such as Skype and Viber.

These digital providers will in the future be bound by the same laws as more traditional providers, which have for a long time been regulated for telephone calls, email communications and SMS messages. As with the current ePrivacy Directive, whenever electronic communications are used for direct marketing purposes via email, SMS or telephone, prior consent must be obtained. It's good to see that the so-called 'soft opt-in' will remain, although potentially with some limitations.

The current requirement to clearly communicate when cookies are being used for tracking purposes has led to most sites using banners to inform users about their use of cookies. This practice has been widely criticised, including by users perpetually presented with information messages.

Under the ePrivacy Regulation there would not be a requirement to gain prior consent if cookies are just being used for configuration purposes - such as keeping a website stable when items are in a shopping basket, or for first party tracking.

But what about the General Data Protection Regulation (GDPR)?

Despite all the changes coming with Brexit, the UK Government has recently confirmed that the GDPR will be implemented in the UK as planned on 25th May 2018.

A recent survey by Symantec of 900 businesses across the UK, Germany and France found that more than 90% of responders didn't fully understand GDPR. It's evident that many organisations need to get themselves up to speed very quickly!

GDPR will impact upon how organisations collect, process and share. The regulation enhances individual rights as well as introducing new requirements, such as:

  • A higher bar for consent
  • New requirements for profiling
  • New liabilities for data processors
  • Data portability
  • Data protection officers
  • Data protection impact assessments
  • Notification of data breaches
  • Much higher fines and penalties.

Would GDPR training benefit you?

If you're not up to speed with GDPR yet and how it will affect your business, perhaps you should consider the IDM's GDPR qualification.

Did you find this blog useful?

At the IDM we are passionate about educating marketers and providing resources to help advance your career.

If you are interested in enhancing your CV and upskilling, browse through our wider range of marketing courses and qualifications; from one-day short courses to post-graduate diplomas.

Our learning and development team will be happy to advise based on your needs and requirements.

Back to blogs
Contact Us