Consenting Adults: Stronger Data Privacy Rules Come to the European Union

Approved by the European Parliament and Council in April, the General Data Protection Regulation (GDPR) is now a reality. The regulation, which supplants the Data Protection Directive, gives consumers within the European Union more protection and control over their personal data. In addition to applying to businesses operating within the EU’s 28 member states, it affects any company that provides goods or services to individuals within the bloc. And with the international nature of the internet, this means that most online services are affected. Here are the key aspects of the new sweeping regulation, which became enforceable on May 25th.

Consent

In order to be compliant under the GDPR, consent by an individual must be “freely given, specific, informed and unambiguous.” This means that a consumer must actively give their consent to share data. Companies will no longer be able to rely on customer inaction with pre-checked boxes or use convoluted statements to lure consumers into sharing their data. If you receive an email from a company about their privacy policy and ignore it, you have not opted in. In addition to stronger conditions of consent, the new regulation gives consumers the ability to access and download their data. This will enable individuals to ascertain how their data is being used. The new law also permits people to request that their data be erased or transferred.

Fines

Non-compliance with the new regulation will carry significant fines. A company that breaches the GDPR laws will be accessed the larger of two penalties: up to four percent of annual global turnover or 20 million euros ($24.6 million). The new policy stipulates that individuals must be informed of any breach pertaining to their data within 72 hours. Considering how long it took for large data breaches by Yahoo, eBay, and Equifax to be exposed, one can see the potential cost of violating the GDPR’s rules.

Effect on Digital Marketing

The status quo of relying on data collection with few restrictions will change for those doing business within the EU. But the magnitude of the GDPR’s implementation will depend on how engaged people become in taking advantage of the new regulation. If a large percentage of online users decide to withhold consent to use of their data, request an accounting of how their personal information is being used, or delete their data from websites, it will have a major impact on online marketers.

The GDPR is significant in that it changes the way consumer data is collected, used, and stored. It rolls back the largely unregulated data-collection practices that have been in place. The question becomes, will the push within the EU to give consumers more rights over their data spill over to other countries? The implementation of the GDPR has already led to a slew of privacy policy updates in your inbox. Who knows what privacy regulations are on the horizon for US companies?
 

 

Attract top talent to your organization by partnering with a payments recruiting firm. IMPACT Payments Recruiting’s experienced recruitment consultants at IMPACT have been working with some of the most premier payments companies in the industry for more than a decade to connect them with top talent for high-level positions. Our recruiting team is comprised of former payments industry professionals, so we have an in-depth understanding of how to target and evaluate candidates for your hiring needs. Learn more about IMPACT – contact us today.

Connected. Fast. Reliable. IMPACT.