Why the final text General Data Protection Regulation is just the beginning

Only marketers with their heads deep in the sand could have escaped noticing that the General Data Protection Regulation (GDPR) - the future of privacy legislation in Europe - has now been finalised. Or has it?

The text adopted just before the mince pies came out last year is the product of three years of negotiation between the privacy lobby, global business and the European law making apparatus. Inevitably, what we got was a compromise between the interests of all of these parties; a curate's egg for marketers which will mean significant change, if not the Armageddon prophesied when the first draft was issued.

We now have just over two years to make ready for implementation. Sounds like a long time? It's not.

Digesting the two hundred plus pages of the final text has been the job for lawyers and data protection consultants as well as the DMA and FEDMA. There is some good news; explicit consent didn't make the cut, although "unambiguous" consent will be required; there is a specific recognition that direct marketing can be conducted under "legitimate interests". Some of the more onerous requirements for record keeping are gone and not all businesses will need a Data Protection Officer.

What is clear, however, is that current processing - and more importantly current database structures - will not be fit for purpose when the new world of the Regulation dawns. One example is how to record the wishes of individuals who exercise their rights to restrict or even prevent processing of their data. Most databases can handle channel based consent and many have preference fields but how will you store the fact that a customer has objected to profiling or asked for their data to be erased?

And it won't just be the text that we'll have to consider. Before implementation there is likely to be a raft of guidance from European Regulators and, with over fifty points which can be interpreted by individual member States, the level playing field may start to look a bit bumpy.

If all this makes you wonder what impact the GDPR will have on your business and how to prepare for it you should sign up for the IDM's online qualification, the IDM Professional Certificate in GDPR, which explores how the changes in GDPR will affect your organisations marketing strategies.

Did you find this blog useful?

At the IDM we are passionate about educating marketers and providing resources to help advance your career.

If you are interested in enhancing your CV and upskilling, browse through our wider range of marketing courses and qualifications; from one-day short courses to post-graduate diplomas.

Our learning and development team will be happy to advise based on your needs and requirements.

Back to blogs
Contact Us