What Does The New EU Data Protection Regulation Mean for Marketers?
March had marketers in Europe somewhat on edge, as they awaited the decision of the European Parliament on the proposed Data Protection Regulation. And, for good reason did they prick up their ears because the new regulation is set to introduce significant changes to the rules of the marketing game.
While the EU’s Council of Ministers is yet to issue a response to the original text of the regulation, the Parliament members’ decision was almost unequivocal (621 in favour, out of a total of 766, but only 653 who voted) in favour of the less business-friendly version of the proposal.
Before final conclusions can be made it must be seen whether the Council will be just as supportive of the regulation and in which of its versions. Meanwhile, what is the Data Protection Regulation and why would marketers be on edge about it?
Why a New Regulation?
The incentive to update the current Data Protection Directive (from 1995) comes as no surprise. Directives in the EU, unlike regulations, can be implemented by member states in the most suitable way for each particular member state.
This resulted in different member states adopting different measures and procedures to safeguard personal data and information that were not consistent or coherent between each other. That was 20 years ago. By now that legal document is in dire need of being reformed and updated.
Hence, the introduction of a regulation, which will come into full effect 2 years from the date it is approved and adopted. Its coming into effect will most likely not be before the end of 2016, even if the Council of Ministers issues its decision very soon. What distinguishes the regulation from the directive, within the EU legal framework, is that regulations become directly enforceable as law in all member states.
This makes a regulation a good solution to the problem of diverging national laws and procedures. It would apply equally and in the same way to all member states and would introduce a consistent way of addressing data security and protection issues. But enough about that, what does the upcoming regulation have to do with marketers and is there cause for concern? Well, depends…
The EU Data Protection Regulation in a Nutshell
Now, while the introduction of the regulation is a good thing, with personal data having become quite an issue throughout the last few years, marketers may find themselves challenged by the regulation’s stipulations. These include, among others:
1. The right to be forgotten (the right to erasure)
I.e. the right of individuals to have all of their data deleted. This also includes any data that may have ended up with third-parties.
2. Higher fines for breaches and failure to comply with rules
A violation of the regulation and other data protection laws could result in a fine of up to ˆ100 million or up to 5% of annual worldwide company turnover.
3. Explicit consent
Any data that is acquired must have been explicitly and intentionally provided by individuals. This equally includes B2C and B2B types of data for marketers. In other words, silence or inactivity on an individual’s side cannot be equated to consent.
Personal data will altogether be redefined and it will become increasingly harder for businesses to acquire data, analyze and segment it, and use it for targeting marketing campaigns. The amount and type of data available may possibly become very limited.
5. Data breach notification
Businesses will be obligated to inform “without undue delay” anyone affected by a data breach, as well as the relevant supervisory institutions and authorities.
6. Direct marketing as a legitimate business interest
Collecting and processing data for marketing purposes will be restricted to only direct marketing by post. Any other type of marketing will require an individual’s explicit opt-in consent.
7. A wider scope
Not only will the regulation make data protection and regulation a ‘one-stop-shop’ case but the regulation’s scope will ambitiously cover and concern companies that work beyond the borders of the EU. How? Simply by working with data belonging to someone from the EU.
On the other hand, it will make the rules equal everywhere, so businesses who expand in a number of European countries will not have to painstakingly adjust to each country anew.
Potential Implications of The EU Data Protection Regulation for Marketers
What does all of that mean for B2B marketers? Potentially – quite a lot. Ever since the first draft of the regulation was published, a negative chorus of voices has been heard across Europe. Numerous marketing organisations and companies, most notably among which the DMA, have urged the EU to reconsider and reduce the scope of the regulation as it is now.
Business fears, partly with good reason, that it will be severely limited and damaged. Some have even called it a data disaster and have argued that businesses will become unable to function adequately, and that the European market will quickly fall behind.
Others have taken a more neutral or even positive stance and have said that while some of the provisions are clearly not balanced, the overall effect may well be a positive one. The logic of their argument goes that this will increase and strengthen trust between businesses and customers (be they consumers or other businesses).
Proponents further consider that this will force businesses to grow, to draw on their creative powers, come up with better services and find ways to market that create relationships with customers that are of mutual benefit.
In the end, the regulation will probably not be a complete disaster, as the Council of Ministers is known for taking a more business-oriented stance and carefully considering lobby voices. Furthermore, even if the regulation ends up limiting businesses in serious ways, who knows – this may indeed turn out to be a trigger for growth and innovation.