LONDON/BRUSSELS: Global marketers have been advised to prepare themselves for the introduction of new data privacy laws that will come into force across all 28 member states of the European Union in 2018.
After much anticipation, the European Parliament last week voted in favour of the General Data Protection Regulation (GDPR), which replaces the EU data protection directive that was drawn up in 1995, before the internet really took off.
The new toughened legislation has the stated aim of ensuring that "the fundamental right to personal data protection is guaranteed for all" and comes into force in the summer, after which member states have two years to prepare and comply.
"The General Data Protection Regulation will help stimulate the Digital Single Market in the EU by fostering trust in online services by consumers and legal certainty for businesses based on clear and uniform rules," the European Commission said in a statement.
EU consumers will be protected with a new right to "data portability" and their "right to be forgotten" will be strengthened along with other measures to protect how their data is used.
For companies, the European Commission argues that they will benefit greatly from having a single set of rules across the EU, rather than dealing with 28 separate jurisdictions. It says this could save them around €2.3bn every year.
However, the most significant change is that companies that fail to comply could face huge fines of €20m, or up to 4% of their global turnover. Importantly, this will apply to any company that handles the data of EU citizens whether they are based in Europe or not.
To discuss these matters, the Association of Online Publishers (AOP) hosted an event in London where it highlighted a 12-step checklist for marketers that has been produced by the Information Commissioner's Office (ICO).
"We're in a bit of a difficult time, and the area of behavioural advertising is a particular area of interest," said Ian Bourne, the ICO's group manager of policy.
Simon Morrissey, head of data privacy at legal firm Lewis Silkin LLP, told delegates that businesses will need to build up their training and auditing functions while also ensuring that all privacy notices are concise, transparent and easily accessible.
"The key thing is that you are going to have to use a bit more clarification to users that they have these rights [to be 'forgotten'], and then obtain their consent to use this data for commercial process," he said.
Meanwhile, Zach Thornton, external affairs executive the Direct Marketing Association, said: "Data is the lifeline of our members. The GDPR will change the way businesses use data.
"The scale of change is massive, but the two years before the GDPR become law are a great opportunity for marketers to look at what they are doing and make sure they are comfortable with the regulations, and adapt."
Data sourced from European Commission, The Drum; additional content by Warc staff