Only marketers with their heads deep in the sand could have escaped noticing that the General Data Protection Regulation (GDPR) - the future of privacy legislation in Europe - has now been finalised. Or has it?
The text adopted just before the mince pies came out last year is the product of three years of negotiation between the privacy lobby, global business and the European law making apparatus. Inevitably, what we got was a compromise between the interests of all of these parties; a curate's egg for marketers which will mean significant change, if not the Armageddon prophesied when the first draft was issued.
We now have just over two years to make ready for implementation. Sounds like a long time? It's not.
Digesting the two hundred plus pages of the final text has been the job for lawyers and data protection consultants as well as the DMA and FEDMA. There is some good news; explicit consent didn't make the cut, although "unambiguous" consent will be required; there is a specific recognition that direct marketing can be conducted under "legitimate interests". Some of the more onerous requirements for record keeping are gone and not all businesses will need a Data Protection Officer.
What is clear, however, is that current processing - and more importantly current database structures - will not be fit for purpose when the new world of the Regulation dawns. One example is how to record the wishes of individuals who exercise their rights to restrict or even prevent processing of their data. Most databases can handle channel based consent and many have preference fields but how will you store the fact that a customer has objected to profiling or asked for their data to be erased?
And it won't just be the text that we'll have to consider. Before implementation there is likely to be a raft of guidance from European Regulators and, with over fifty points which can be interpreted by individual member States, the level playing field may start to look a bit bumpy.
If all this makes you wonder what impact the GDPR will have on your business and how to prepare for it you should sign up for "General Data Protection Regulation" our one day course IDM which covers what marketers need to know and how to prepare.
Alternatively, check out our online qualification, The Award in General Data Protection Regulation, that explores how the changes in GDPR will affect your organisations marketing strategies.