If you're compliant with the current Data Protection Directive 95/46/EC (DPD) then you don't have to worry too much about the forthcoming General Data Protection Regulations (GDPR) which come into effect in May 2018. "The problem is that many companies aren't," said Christine Andrews, managing director, DQM GRC, a company that specialises in governance risk and compliance.
At a May 2017 GDPR Seminar hosted by LolaGrove, a data logistics and enablement company, Andrews signalled the importance of GDPR, declaring "this legislation has elevated privacy to the levels of being a human right".
With that, she proceeded to advise the 100+ marketers in the room how their companies can become GDPR-compliant and accountable. First, it is necessary to understand the key data protection revisions brought about by GDPR:
- GDPR demands stricter conditions for gaining consumer consent to processing data,
- Consumers have a Right to Erasure (formerly known as the Right to be Forgotten),
- Companies must adhere to the "Accountability Principle" i.e. it must be able to demonstrate compliance.