GDPR Impact on Digital Marketing
The General Data Protection Regulation is a regulation that is intended to strengthen data protection for individuals within European Union countries. At its core, the GDPR is intended to provide individuals more control over and additional safeguards with respect to their personal data, including the right to be forgotten and the right to know when their data has been hacked.
The GDPR is also intended to unify privacy and data requirements across the European Union. However, countries will be permitted to regulate specific types of data, like health data.
In short, companies that conduct business in the European Union may need to reassess their privacy protocols, as they may not pass muster under the new GDPR regulations, which set a higher standard for consent.
It is widely anticipated that the GDPR will have a significant impact on the digital marketing industry, particularly with respect to how personal data is collected, used and stored for commercial purposes, consent management and what companies must do to bring themselves into compliance.
The new law affects every company that uses personal data from European Union citizens. It provides for data localization, data encryption and anti-spam measures.
If you send email in the European Union, regardless of where you are based, you will have to comply with the GDPR. Affirmative, opt-in consent for commercial communications will be required. The new law specifies the nature of such consent, including what constitutes “affirmative” consent (e.g., checking a box, etc.).
Consumers must be informed about the brand that is collecting the consent and information pertaining to how data will be used, including the maintenance of data in a CRM database.
Importantly, GDPR also applies to existing data. So, if presently existing email lists do not meet GDPR standards, they will be off limits when the new law takes effect.
In line with U.S. Federal Trade Commission best practice guidance, data should never be retained for longer than needed and should only be used for intended purposes – those which a consumer would reasonably and legitimately expect. Avoid collecting unnecessary data.
Additionally, the new law provides for the appointment of a data protection officer to oversee compliance, including responding to consumer inquiries.
The new privacy and data protection rules come into force on May 25, 2018. GDPR will impact any organization – including those in the US and Canada – that does business in the European Union.
Penalties for non-compliance will be steep: up to €20 million or 4% of total annual revenue, whichever is greater. Compliance is also critical from the standpoint of securing a competitive advantage.
This article should be of interest to social media influencers and marketers. Consult with an experienced FTC defense lawyer for assistance in designing and implementing preventative compliance controls, or if you are being threatened with civil litigation or a regulatory investigation.
Richard B. Newman is an Internet marketing compliance and regulatory defense attorney at Hinch Newman LLP focusing on advertising and digital media matters. His practice includes conducting legal compliance reviews of advertising campaigns, representing clients in investigations and enforcement actions brought by the Federal Trade Commission and state Attorneys General, commercial litigation, advising clients on promotional marketing programs, and negotiating and drafting legal agreements.
ADVERTISING MATERIAL. These materials are provided for informational purposes only and are not to be considered legal advice, nor do they create a lawyer-client relationship. No person should act or rely on any information in this article without seeking the advice of an attorney. Information on previous case results does not guarantee a similar future result. Hinch Newman LLP | 40 Wall St., 35th Floor, New York, NY 10005 | (212) 756-8777.
Please contact advertising law attorney Richard B. Newman if you are interested in discussing the design and implementation of GDPR compliance protocols, or if you are the subject of a regulatory investigation or enforcement action.