On 4 May 2016, the official texts of the Regulation and the Directive were published in the EU Official Journal in all the official languages. While the Regulation will enter into force on 24 May 2016, it shall apply from 25 May 2018. The Directive enters into force on 5 May 2016, and EU Member States have to transpose it into their national law by 6 May 2018.
Before that, it’s vital for brands to comply with the new regulations. Besides being strict, the rules carry fines that are not something you want to mess with. Penalties can be up to 4% of worldwide turnover. So let’s say you’re a 10 million euro company: it means you pay 40.000 euro for each violation of the law, with a maximum fine of 10 million or 20 million euro, depending on the severity of the violation.
Any company that has consumer data from the European Union is affected by this law, even when not based in a European country.
Under the new GDPR, a company must ensure the following for consumers:
Transparency: The person whose data is being processed is made aware of this.
Usage restriction: Data is collected for one specific purpose and cannot be used for any other purpose.
Data restriction: The scope of the data is limited to only what is necessary for the collection purpose.
Retention restriction: Data can only be kept for the time necessary to serve the goal of the collection purpose.
Integrity and confidentiality: Consumer data must be protected against access by unauthorized third parties, loss or destruction.
Accountability: The accountable party must be able to measure up to the above requirements.
We strongly recommend that our partner companies start taking steps today in cooperation with their legal departments. It is also vital for marketers to understand the GDPR implications and how strategies may be adjusted in time to avoid surprises.