A Layperson’s Guide to GDPR

June 13, 2018

    If you are a marketer, publisher or digital business, GDPR probably makes you shudder. For the rest of you, it probably makes you shrug. Let’s quickly break it down, in plain English.

    What is GDPR?

    The General Data Protection Regulation (GDPR) is a new regulation governing data protection and privacy in the European Union (EU). It went into effect Friday, May 25, 2018. Its goal is to give citizens more control over how their data is used. In the wake of Facebook’s Cambridge Analytica debacle, that’s a mission most people can get behind. But for marketers, publishers and vendors, it entails radical and expensive changes.

    Even companies that are based outside of the EU have to abide by the new laws if they are offering goods or services to EU citizens. That basically means every business in the world scrambled to become GDPR compliant.

    What did GDPR change?

    GDPR mandates that businesses be upfront about how they are using consumer data. If they are selling it to third parties or using it for digital ad targeting, they need to tell you. Then, they have to obtain your consent. If a consumer doesn’t want their personal data used in a certain way, they can opt out. GDPR also requires organizations that handle sensitive data on a large scale to appoint a data protection officer. Failure to comply results in massive fines, possibly as much as four percent of a company’s annual revenue.

    There is a lot more to it than that. I have ghostwritten at least five articles about GDPR, but I still can’t pretend to know all the details. If you are really interested (or a masochist), read all about GDPR here.

    To prepare for GDPR, companies leaned on their in-house legal counsel or hired outside experts. They often had to make massive changes to their privacy policies, compliance processes and in some cases, overhaul the way they use and store data, which can have massive implications for a business.

    As a consumer, you probably noticed you received a lot of emails about updated privacy policies on or around 5/25, and that a lot of websites are serving popups with messages about how they use data.

    What happens post-GDPR?

    Execs around the world did a happy dance post 5/25. I don’t blame them, but at the risk of being a buzzkill, experts predict GDPR-related fallout as the industry adjusts to the legislation. Complaints have already been filed, and the finger-pointing has already begun. Some fear that GDPR will only strengthen the digital advertising duopoly, Google and Facebook, since smaller companies may not be able to afford the necessary changes, or to weather hefty fines.

    Oh, and more changes are imminent. The ePrivacy regulation is in the works in Europe, and US legislators are discussing the merits of the CONSENT Act, short for the Customer Online Notification for Stopping Edge-provider Network Transgressions act. (Now doesn’t that roll off the tongue?)

    So, there you have it–an abbreviated overview of every marketer’s least favorite four-letter word, GDPR.

    By Jacqueline Lisk

    Photo cred: https://martechtoday.com/consent-unworkable-programmatic-ads-era-gdpr-209358