Hopefully by now, businesses which have not earmarked Friday May 25 2018 as EU General Data Protection Regulation (GDPR) “D-Day” should be few and far between.
After nearly two years of headlines which painted a worrying picture of blanket ignorance throughout the sector, finally awareness has risen.
While many businesses still feel unprepared for the changes, at the last count, only 6% of firms had not heard of GDPR.
The new Information Commissioner Elizabeth Denham – who succeeded Christopher Graham in the summer – is certainly doing her utmost to mention GDPR in virtually every breath, so no-one can say they haven’t been warned. She has also shown she will be no pushover, forcing WhatsApp and Facebook to suspend their data sharing activities.
In November, the regulator also started to publish its GDPR compliance guidance, insisting it will do so in stages over the two-year implementation period – rather than as a single document – with each piece of guidance addressing a specific topic. The next batch is expected early in the new year.
Of course, the next 12 months will be crucial in terms of businesses getting in shape for the new legislation. With fines of up to 4% of global turnover for serious data breaches, the stakes are high.
Just to prove the point, TalkTalk could have faced a £70m fine under GDPR for last year’s data breach, instead of the £400,000 it received from the ICO, while for Three Mobile it could have been an eye-watering $2.2bn (£1.8bn).
There is also the small matter of recruiting 7,000 data protection officers in the UK alone.
But there has been growing concern over what will happen to GDPR post-Brexit. UK bosses are the latest to wade in, arguing that their ability to do business will be hindered once Brexit takes place if UK privacy rules are not at least equivalent to the Brussels edict.
There are other changes on the horizon, however, namely a review of online marketing legislation in the EU e-Privacy Directive, which Brussels plans to have wrapped up by the time GDPR is in place. Digital Europe – a body that represents the likes of Google, Apple and IBM – has claimed that the anticipated €415bn (£300bn) revenue expected to come from the Digital Single Market is now under threat, so expect intense lobbying over the coming year. There are also fresh concerns, aired this week, after a leak showed the new regulations the EU Commission is proposing would make all B2B marketing opt-in, which could significantly impair growth for many in the sector who use marketing under legitimate interest to acquire new customers.
There is also a proposal to make all live marketing phone calls opt-in only, although it is not mandatory and would be down to each member state to decide which route to take.
Closer to home, the ICO will be gathering evidence and industry opinion to draw up new laws governing direct marketing and “customer engagement” as promised in the Digital Rights Bill.
The Bill gives the ICO a broad remit to put forward new rules in accordance with the Data Protection Act and the Privacy & Electronic Communications Act, but the regulator has been told to take into account the views of trade associations, members of the public and bodies that represent members of the public.
Many see it as a real chance for those working in the industry to shape the future of direct, data and digital marketing. Verso Group operations and compliance director Dene Walsh said at the time: “The mood noise behind the Bill indicates a tightening of regulations, and this has to be a good thing as long as it is aimed at eliminating rogue behaviour by ensuring good practice.
“It will be important that we make as strong a case as possible to the ICO during consultancy stage to emphasise that strong workable rules go hand in hand in protecting the public and ethical marketers.”
So, whichever way you look at it, next year will be a big one for new regulations covering direct, data and digital marketing. Just make sure your voice is heard, too.