GDPR stands for the European Data Protection Regulation, legislation regarding the protection of natural persons in regard to the processing and circulation of their personal data.
The law passed by the European parliament is in force since May 2016. The novelty is that after 2 years, this May 25, 2018 will end the adaptive period, so that organizations and companies must comply with it to avoid heavy fines, in addition to avoiding the consequent damage to the reputation of the brands involved.
This regulation replaces previous ones, that given the remarkable changes produced in recent years regarding big data, cloud and information processing, were totally obsolete. To give an idea, the previous European law dates from 1995, and another one from 1999 was fulfilled in England.
So that you are 100% aware, at CWT Advertising we tell you everything you need to know about it.
Who is affected by the GDPR
One of the biggest changes is the scope of the legislation, since it now applies to all companies that process personal data of people residing in the European Union, regardless of the location of the company or where the information is processed. Previously, the territorial applicability of the directive was ambiguous.
What are the penalties?
The maximum fines can reach up to 4% of the annual global turnover or € 20 million, whichever is greater. The penalty can occur for example for not having enough consent from the client to process their data.
Consent to use information
In another important modification, the conditions for consent have been strengthened, and companies may not use illegible terms and conditions, and extensive legal descriptions. The request for consent must be easily understood and easily accessible, and it must be as simple to accept as withdraw later.
Right of access
Another valuable change is the right of any citizen to obtain their own information, requesting a free copy in electronic format, as well as knowing where their data is being used, and for what purpose.
Right to Forget
The right to be forgotten is a fundamental concept for the privacy of information, when the first conflicts of the European Union with Google arise.
The new law gives users the right to ask the data controller to delete personal information, and also that potential third parties involved also interrupt the processing or dissemination. The conditions for deletion include that the data is no longer relevant for the original purposes, or that the persons involved withdraw consent. In the latter case, the public interest is evaluated when considering such requests.
The impact on email marketing
Finally, we want to tell you that the law has an important application in email marketing.
Companies that register contacts of the European Union and also:
- In an account creation form, they activate by default the option “If you wish to receive data from commercial offers, check this box”. That is, the user must inevitably act to accept the subscription.
- They request at the time of registration to a newsltter, a postal address for the physical sending of offers.
In this special year for the privacy of information and the protection of personal data, with an epicenter in the Facebook scandal with Cambridge Analytica, it is undoubtedly very good news for Internet users that this law comes into full force.