You’ve probably heard an acronym floating around in the news cycle lately: GDPR, or General Data Protection Regulation— the new legislation that expands the rights of European Union citizens by regulating organizations that collect, store, use or transfer user data. This will impact any business that collects data from E.U. citizens— these businesses will now be held accountable for how they use and manage personal data.
Failure to comply with these regulations will result in fines as high as 4% annual global turnover or 20 million euros for severe violations. While the legislation is lengthy, there are a few key regulations to know. Companies that fall under GDPR regulations will need to:
- Get the consent of users before their processing data.
- Anonymize data to protect the user’s privacy.
- Provide their users and data breach notifications.
- Safely handle the transfer of data across borders.
- Hire someone to oversee and ensure GDPR compliance.
How will this impact brands who do business in Europe? Here are the fast facts:
- Red Tape for DMPs
- Since DMPs use third-party data via cookies to do lookalike targeting, brands and agencies will need to obtain explicit consent from individuals in the E.U. before using their data. This will impede the process of lookalike targeting, and create a heavy reliance on first and second-party data.
- Obtaining Consent
- What does obtaining consent look like under GDPR? Brands and agencies must create a request for a consent form that is “easily accessible” and explicitly asks for consent to use ‘sensitive’ personal data. However, non-sensitive data does not need to be explicit, but it must be unambiguous. For more information on how to construct this type of request, reference the following resources:
- Legal Legwork
- There will be more legal counsel needed for agencies and brands in order to avoid any fines that may be imposed from non-compliance. This is will be an additional expenditure that brands and agencies will need to counter into their quarterly spending.
- Do we need a DPO?
- Agencies and brands need to figure out whether their company should hire a data protection officer (DPO). If a brand or agency engages in large-scale processing of sensitive data or “large-scale systematic monitoring” they should appoint a DPO. Unsure of whether you need to hire a DPO? Learn more here: DPO decision tree by DOP Network Europe.
GDPR is set to go into effect May of this year, which means brands and agencies who fall under GDPR regulation must start preparing how they will comply with this regulations as soon as they can. If you are uncertain where to start, consult UK’s ICO (Information Commissioner’s Office)— they have a great resource for “12 steps” you can take now to prepare for GDPR this year.
For information about our services, contact us at katana.media/contact.
Also published on Medium.